{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "1550", "CVE_data_timestamp" : "2021-07-23T07:02Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a010603-1.txt", "name" : "A010603-1", "refsource" : "ATSTAKE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/412115", "name" : "VU#412115", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html", "name" : "20030110 More information regarding Etherleak", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "name" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html", "name" : "RHSA-2003:025", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html", "name" : "RHSA-2003:088", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.osvdb.org/9962", "name" : "9962", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7996", "name" : "7996", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104222046632243&w=2", "name" : "20030110 More information regarding Etherleak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id/1031583", "name" : "1031583", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665", "name" : "oval:org.mitre.oval:def:2665", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id/1040185", "name" : "1040185", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/307564/30/26270/threaded", "name" : "20030117 Re: More information regarding Etherleak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/305335/30/26420/threaded", "name" : "20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0002", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/10318.php", "name" : "mcms-manuallogin-reasontxt-xss (10318)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/5922", "name" : "5922", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=103417794800719&w=2", "name" : "20021007 CSS on Microsoft Content Management Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002", "name" : "MS03-002", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:content_management_server:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0003", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-03.html", "name" : "CA-2003-03", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/610986", "name" : "VU#610986", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6666", "name" : "6666", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104394414713415&w=2", "name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)", "refsource" : "BUGTRAQ", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104393588232166&w=2", "name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)", "refsource" : "NTBUGTRAQ", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103", "name" : "oval:org.mitre.oval:def:103", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11132", "name" : "win-locator-bo(11132)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001", "name" : "MS03-001", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_2000_terminal_services:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:-:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0004", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html", "name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6778", "name" : "6778", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11260.php", "name" : "winxp-windows-redirector-bo(11260)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104878038418534&w=2", "name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005", "name" : "MS03-005", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0007", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6667", "name" : "6667", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11133", "name" : "outlook-v1-certificate-plaintext(11133)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003", "name" : "MS03-003", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka \"Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0009", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6966", "name" : "6966", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11425.php", "name" : "winme-hsc-hcp-bo(11425)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-047.shtml", "name" : "N-047", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/489721", "name" : "VU#489721", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.osvdb.org/6074", "name" : "6074", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104636383018686&w=2", "name" : "20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006", "name" : "MS03-006", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0010", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7146", "name" : "7146", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html", "name" : "20030319 Windows Scripting Engine issue", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26", "name" : "20030319 Heap Overflow in Windows Script Engine", "refsource" : "IDEFENSE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104812108307645&w=2", "name" : "20030319 iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A795", "name" : "oval:org.mitre.oval:def:795", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A794", "name" : "oval:org.mitre.oval:def:794", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200", "name" : "oval:org.mitre.oval:def:200", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134", "name" : "oval:org.mitre.oval:def:134", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008", "name" : "MS03-008", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0011", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7145", "name" : "7145", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-009", "name" : "MS03-009", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0012", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/10971.php", "name" : "bugzilla-mining-world-writable(10971)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-230", "name" : "DSA-230", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-012.html", "name" : "RHSA-2003:012", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6502", "name" : "6502", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104154319200399&w=2", "name" : "20030102 [BUGZILLA] Security Advisory - remote database password disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0013", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-230", "name" : "DSA-230", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6501", "name" : "6501", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/10970.php", "name" : "bugzilla-htaccess-database-password(10970)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6351", "name" : "6351", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104154319200399&w=2", "name" : "20030102 [BUGZILLA] Security Advisory - remote database password disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0014", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog", "name" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2005/dsa-633", "name" : "DSA-633", "refsource" : "DEBIAN", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityfocus.org/bid/12229", "name" : "12229", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1012847", "name" : "1012847", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/13793", "name" : "13793", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/13796", "name" : "13796", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18823", "name" : "bmv-symlink(18823)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmv:bmv:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-11T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0015", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-415" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.e-matters.de/advisories/012003.html", "name" : "http://security.e-matters.de/advisories/012003.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2003-013.html", "name" : "RHSA-2003:013", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/650937", "name" : "VU#650937", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14", "name" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html", "name" : "20030120 Advisory 01/2003: CVS remote vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-02.html", "name" : "CA-2003-02", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2003/dsa-233", "name" : "DSA-233", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009", "name" : "MDKSA-2003:009", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-012.html", "name" : "RHSA-2003:012", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-032.shtml", "name" : "N-032", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6650", "name" : "6650", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104438807203491&w=2", "name" : "FreeBSD-SA-03:01", "refsource" : "FREEBSD", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104342550612736&w=2", "name" : "20030124 Test program for CVS double-free.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104428571204468&w=2", "name" : "20030202 Exploit for CVS double free() for Linux pserver", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104333092200589&w=2", "name" : "20030122 [security@slackware.com: [slackware-security] New CVS packages available]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108", "name" : "cvs-doublefree-memory-corruption(11108)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0016", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.apacheweek.com/issues/03-01-24#security", "name" : "http://www.apacheweek.com/issues/03-01-24#security", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/979793", "name" : "VU#979793", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/825177", "name" : "VU#825177", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6659", "name" : "6659", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2", "name" : "[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11125", "name" : "apache-device-code-execution(11125)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11124", "name" : "apache-device-name-dos(11124)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0017", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2", "name" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as \">\", which causes a different filename to be processed and served." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0018", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html", "name" : "RHSA-2003:025", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11249.php", "name" : "linux-odirect-information-leak(11249)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ", "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014", "name" : "MDKSA-2003:014", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6763", "name" : "6763", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2008-09-11T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0019", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-056.html", "name" : "RHSA-2003:056", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11276.php", "name" : "linux-umlnet-gain-privileges(11276)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/134025", "name" : "VU#134025", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-044.shtml", "name" : "N-044", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6801", "name" : "6801", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2008-09-11T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0020", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9930", "name" : "9930", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.iss.net/security_center/static/11412.php", "name" : "apache-esc-seq-injection(11412)", "refsource" : "XF", "tags" : [ "Broken Link" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Broken Link" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml", "name" : "GLSA-200405-22", "refsource" : "GENTOO", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050", "name" : "MDKSA-2003:050", "refsource" : "MANDRAKE", "tags" : [ "Broken Link" ] }, { "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046", "name" : "MDKSA-2004:046", "refsource" : "MANDRAKE", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-082.html", "name" : "RHSA-2003:082", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-083.html", "name" : "RHSA-2003:083", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-104.html", "name" : "RHSA-2003:104", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html", "name" : "RHSA-2003:139", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html", "name" : "RHSA-2003:243", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html", "name" : "RHSA-2003:244", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643", "name" : "SSA:2004-133", "refsource" : "SLACKWARE", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1", "name" : "57628", "refsource" : "SUNALERT", "tags" : [ "Broken Link" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1", "name" : "101555", "refsource" : "SUNALERT", "tags" : [ "Broken Link" ] }, { "url" : "http://www.trustix.org/errata/2004/0017", "name" : "2004-0017", "refsource" : "TRUSTIX", "tags" : [ "Broken Link" ] }, { "url" : "http://www.trustix.org/errata/2004/0027", "name" : "2004-0027", "refsource" : "TRUSTIX", "tags" : [ "Broken Link" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2", "name" : "APPLE-SA-2004-05-03", "refsource" : "APPLE", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=108731648532365&w=2", "name" : "SSRT4717", "refsource" : "HP", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2", "name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)", "refsource" : "BUGTRAQ", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114", "name" : "oval:org.mitre.oval:def:4114", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150", "name" : "oval:org.mitre.oval:def:150", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109", "name" : "oval:org.mitre.oval:def:100109", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.0", "versionEndExcluding" : "1.3.31", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.0.49", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0021", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11413.php", "name" : "terminal-emulator-screen-dump(11413)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040", "name" : "MDKSA-2003:040", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6936", "name" : "6936", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"screen dump\" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0022", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11413.php", "name" : "terminal-emulator-screen-dump(11413)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034", "name" : "MDKSA-2003:034", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html", "name" : "RHSA-2003:054", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html", "name" : "RHSA-2003:055", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6938", "name" : "6938", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0023", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11416.php", "name" : "terminal-emulator-menu-modification(11416)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034", "name" : "MDKSA-2003:034", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html", "name" : "RHSA-2003:055", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html", "name" : "RHSA-2003:054", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6947", "name" : "6947", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0024", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11416.php", "name" : "terminal-emulator-menu-modification(11416)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6949", "name" : "6949", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0025", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-229", "name" : "DSA-229", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/306268", "name" : "20030108 Re: IMP 2.x SQL injection vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6559", "name" : "6559", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005904", "name" : "1005904", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8087", "name" : "8087", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8177", "name" : "8177", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104204786206563&w=2", "name" : "20030108 IMP 2.x SQL injection vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0026", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-01.html", "name" : "CA-2003-01", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/284857", "name" : "VU#284857", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-011.html", "name" : "RHSA-2003:011", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-231", "name" : "DSA-231", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html", "name" : "20030122 [securityslackware.com: [slackware-security] New DHCP packages available]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-031.shtml", "name" : "N-031", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562", "name" : "CLA-2003:562", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:007", "name" : "MDKSA-2003:007", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html", "name" : "OpenPKG-SA-2003.002", "refsource" : "OPENPKG", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6627", "name" : "6627", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005924", "name" : "1005924", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.suse.com/de/security/2003_006_dhcp.html", "name" : "SuSE-SA:2003:006", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11073", "name" : "dhcpd-minires-multiple-bo(11073)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0027", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.entercept.com/news/uspr/01-22-03.asp", "name" : "http://www.entercept.com/news/uspr/01-22-03.asp", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/850785", "name" : "VU#850785", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104", "name" : "50104", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6665", "name" : "6665", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104326556329850&w=2", "name" : "20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592", "name" : "oval:org.mitre.oval:def:2592", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195", "name" : "oval:org.mitre.oval:def:195", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120", "name" : "oval:org.mitre.oval:def:120", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11129", "name" : "solaris-kcms-directory-traversal(11129)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0028", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.eeye.com/html/Research/Advisories/AD20030318.html", "name" : "AD20030318", "refsource" : "EEYE", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-10.html", "name" : "CA-2003-10", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html", "name" : "20030319 EEYE: XDR Integer Overflow", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/516825", "name" : "VU#516825", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2003/dsa-282", "name" : "DSA-282", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-089.html", "name" : "RHSA-2003:089", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html", "name" : "RHSA-2003:091", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html", "name" : "ESA-20030321-010", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-266", "name" : "DSA-266", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-272", "name" : "DSA-272", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc", "name" : "NetBSD-SA2003-008", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_027_glibc.html", "name" : "SuSE-SA:2003:027", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037", "name" : "MDKSA-2003:037", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104810574423662&w=2", "name" : "20030319 EEYE: XDR Integer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104878237121402&w=2", "name" : "2003-0014", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104860855114117&w=2", "name" : "20030325 GLSA: glibc (200303-22)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105362148313082&w=2", "name" : "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104811415301340&w=2", "name" : "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20150122-0002/", "name" : "https://security.netapp.com/advisory/ntap-20150122-0002/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230", "name" : "oval:org.mitre.oval:def:230", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded", "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316931/30/25250/threaded", "name" : "20030331 GLSA: dietlibc (200303-29)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315638/30/25430/threaded", "name" : "20030319 RE: EEYE: XDR Integer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:9.0.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:9.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:6.0e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cray:unicos:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-25T05:00Z", "lastModifiedDate" : "2020-01-21T15:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0030", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/247545", "name" : "VU#247545", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7084", "name" : "7084", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7085", "name" : "7085", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7083", "name" : "7083", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8294", "name" : "8294", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104758650516677&w=2", "name" : "20030313 Protegrity buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:protegrity:secure.data:2.2.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:protegrity:secure.data:2.2.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0031", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-228", "name" : "DSA-228", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567", "name" : "CLA-2003:567", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6510", "name" : "6510", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006181", "name" : "1006181", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104162752401212&w=2", "name" : "20030103 Multiple libmcrypt vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104188513728573&w=2", "name" : "20030105 GLSA: libmcrypt", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.1_r4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0032", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-228", "name" : "DSA-228", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10988.php", "name" : "libmcrypt-libtool-memory-leak(10988)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567", "name" : "CLA-2003:567", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6512", "name" : "6512", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104162752401212&w=2", "name" : "20030103 Multiple libmcrypt vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104188513728573&w=2", "name" : "20030105 GLSA: libmcrypt", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.1_r4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0033", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951", "name" : "20030303 Snort RPC Preprocessing Vulnerability", "refsource" : "ISS", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10956.php", "name" : "snort-rpc-fragment-bo(10956)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6963", "name" : "6963", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/916785", "name" : "VU#916785", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2003/dsa-297", "name" : "DSA-297", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html", "name" : "ESA-20030307-007", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029", "name" : "MDKSA-2003:029", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-13.html", "name" : "CA-2003-13", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.osvdb.org/4418", "name" : "4418", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105154530427824&w=2", "name" : "GLSA-200304-06", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104673386226064&w=2", "name" : "20030303 Snort RPC Vulnerability (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104716001503409&w=2", "name" : "GLSA-200303-6.1", "refsource" : "GENTOO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0034", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.21.03.txt", "name" : "http://www.idefense.com/advisory/01.21.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html", "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010", "name" : "MDKSA-2003:010", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6656", "name" : "6656", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005959", "name" : "1005959", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.52:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2008-09-11T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0035", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.21.03.txt", "name" : "http://www.idefense.com/advisory/01.21.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html", "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010", "name" : "MDKSA-2003:010", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6658", "name" : "6658", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005959", "name" : "1005959", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/307608/30/26270/threaded", "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:robert_krawitz:escputil:1.15.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0036", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.21.03.txt", "name" : "http://www.idefense.com/advisory/01.21.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html", "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010", "name" : "MDKSA-2003:010", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005959", "name" : "1005959", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/307608/30/26270/threaded", "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form \"mlg85p%d\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rildo_pragana:ml85p:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.2 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0037", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-244", "name" : "DSA-244", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6695", "name" : "6695", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7955", "name" : "7955", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11181", "name" : "noffle-multiple-bo(11181)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:noffle:noffle:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0038", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt", "name" : "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.debian.org/security/2004/dsa-436", "name" : "DSA-436", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6677", "name" : "6677", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/9205", "name" : "9205", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005987", "name" : "1005987", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104342745916111", "name" : "20030124 Mailman: cross-site scripting bug", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152", "name" : "mailman-email-variable-xss(11152)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0039", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-245", "name" : "DSA-245", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616", "name" : "CLSA-2003:616", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-034.html", "name" : "RHSA-2003:034", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://cc.turbolinux.com/security/TLSA-2003-26.txt", "name" : "TLSA-2003-26", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html", "name" : "20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/149953", "name" : "VU#149953", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6628", "name" : "6628", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104310927813830&w=2", "name" : "20030115 DoS against DHCP infrastructure with isc dhcrelay", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11187", "name" : "dhcp-dhcrelay-dos(11187)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc9:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0040", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-247", "name" : "DSA-247", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6738", "name" : "6738", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213", "name" : "courierimap-authmysqllib-sql-injection(11213)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inter7:courier-imap:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:double_precision_incorporated:courier_mta:0.37.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0041", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-020.html", "name" : "RHSA-2003:020", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html", "name" : "20030128 MIT Kerberos FTP client remote shell commands execution", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:021", "name" : "MDKSA-2003:021", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7979", "name" : "7979", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8114", "name" : "8114", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_ftp_client:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2008-09-10T19:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0042", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-246", "name" : "DSA-246", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/advisories/5111", "name" : "HPSBUX0303-249", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml", "name" : "N-060", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6721", "name" : "6721", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7972", "name" : "7972", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7977", "name" : "7977", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104394568616290&w=2", "name" : "20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194", "name" : "tomcat-null-directory-listing(11194)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0043", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-246", "name" : "DSA-246", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/5111", "name" : "HPSBUX0303-249", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml", "name" : "N-060", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6722", "name" : "6722", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11195", "name" : "tomcat-webxml-read-files(11195)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0044", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-246", "name" : "DSA-246", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/advisories/5111", "name" : "HPSBUX0303-249", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml", "name" : "N-060", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6720", "name" : "6720", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/9203", "name" : "9203", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/9204", "name" : "9204", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7972", "name" : "7972", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11196", "name" : "tomcat-web-app-xss(11196)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0045", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12102", "name" : "jakarta-tomcat-msdos-dos(12102)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-07T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0046", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.28.03.txt", "name" : "http://www.idefense.com/advisory/01.28.03.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.celestialsoftware.net/telnet/beta_software.html", "name" : "http://www.celestialsoftware.net/telnet/beta_software.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6725", "name" : "6725", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006013", "name" : "1006013", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7686", "name" : "7686", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2", "name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0047", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.28.03.txt", "name" : "http://www.idefense.com/advisory/01.28.03.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6726", "name" : "6726", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6727", "name" : "6727", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6728", "name" : "6728", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006010", "name" : "1006010", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006011", "name" : "1006011", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006012", "name" : "1006012", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2", "name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0048", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/01.28.03.txt", "name" : "http://www.idefense.com/advisory/01.28.03.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6724", "name" : "6724", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006014", "name" : "1006014", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2", "name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0049", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11333.php", "name" : "macos-afp-unauthorized-access(11333)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6860", "name" : "6860", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006107", "name" : "1006107", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2008-09-11T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0050", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11401.php", "name" : "quicktime-darwin-command-execution(11401)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6954", "name" : "6954", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0051", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11402.php", "name" : "quicktime-darwin-path-disclosure(11402)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6956", "name" : "6956", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0052", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11403.php", "name" : "quicktime-darwin-directory-disclosure(11403)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6955", "name" : "6955", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0053", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11404.php", "name" : "quicktime-darwin-parsexml-xss(11404)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6958", "name" : "6958", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0054", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11405.php", "name" : "quicktime-darwin-describe-xss(11405)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6960", "name" : "6960", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0055", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11406.php", "name" : "quicktime-darwin-mp3-bo(11406)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6957", "name" : "6957", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2", "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_darwin_mp3_broadcaster:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0056", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-252", "name" : "DSA-252", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.usg.org.uk/advisories/2003.001.txt", "name" : "http://www.usg.org.uk/advisories/2003.001.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt", "name" : "CSSA-2003-009.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.net-security.org/advisory.php?id=2010", "name" : "CLA-2003:643", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:015", "name" : "MDKSA-2003:015", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2004-041.html", "name" : "RHSA-2004:041", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7982", "name" : "7982", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8007", "name" : "8007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8236", "name" : "8236", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10720", "name" : "10720", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7947", "name" : "7947", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8118/", "name" : "8118", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8749", "name" : "8749", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104348607205691&w=2", "name" : "20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104428624705363&w=2", "name" : "20030202 GLSA: slocate", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104342864418213&w=2", "name" : "20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369", "name" : "oval:org.mitre.oval:def:11369", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0057", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html", "name" : "20030126 Hypermail buffer overflows", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-248", "name" : "DSA-248", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6689", "name" : "6689", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6690", "name" : "6690", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8030", "name" : "8030", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104369136703903&w=2", "name" : "20030127 Hypermail buffer overflows", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11158", "name" : "hypermail-long-hostname-bo(11158)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11157", "name" : "hypermail-mail-attachment-bo(11157)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.0b25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0058", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/661243", "name" : "VU#661243", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6683", "name" : "6683", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639", "name" : "CLSA-2003:639", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043", "name" : "MDKSA-2003:043", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html", "name" : "RHSA-2003:168", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142", "name" : "50142", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110", "name" : "oval:org.mitre.oval:def:1110", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10099", "name" : "kerberos-kdc-null-pointer-dos(10099)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:enterprise_authentication_mechanism:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2020-01-21T15:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0059", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/684563", "name" : "VU#684563", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6714", "name" : "6714", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639", "name" : "CLSA-2003:639", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043", "name" : "MDKSA-2003:043", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html", "name" : "RHSA-2003:168", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188", "name" : "kerberos-kdc-user-spoofing(11188)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2020-01-21T15:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0060", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/787523", "name" : "VU#787523", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6712", "name" : "6712", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4879", "name" : "4879", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639", "name" : "CLSA-2003:639", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11189", "name" : "kerberos-kdc-format-string(11189)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2020-01-21T15:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0061", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true", "name" : "20030203 HP UX passwd Binary Buffer Overflow Vulnerability", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2002-01-11T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0062", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11282.php", "name" : "nod32-pathname-bo(11282)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.idefense.com/advisory/02.10.03.txt", "name" : "http://www.idefense.com/advisory/02.10.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6803", "name" : "6803", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104490777824360&w=2", "name" : "20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0063", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-380", "name" : "DSA-380", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html", "name" : "RHSA-2003:064", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html", "name" : "RHSA-2003:065", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-066.html", "name" : "RHSA-2003:066", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html", "name" : "RHSA-2003:067", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6940", "name" : "6940", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0064", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/advisories/6236", "name" : "HPSBUX0401-309", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6942", "name" : "6942", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0065", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6945", "name" : "6945", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:national_university_of_singapore:uxterm:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:national_university_of_singapore:uxterm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0066", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/advisories/5137", "name" : "200303-16", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003", "name" : "MDKSA-2003:003", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html", "name" : "RHSA-2003:054", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html", "name" : "RHSA-2003:055", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6953", "name" : "6953", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0067", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0068", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-496", "name" : "DSA-496", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040", "name" : "MDKSA-2003:040", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10237", "name" : "10237", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/8347", "name" : "8347", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-053.html", "name" : "RHSA-2003:053", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://seclists.org/lists/bugtraq/2003/Mar/0010.html", "name" : "GLSA-200303-2", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gnome-terminal:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gnome-terminal:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11415.php", "name" : "terminal-emulator-dec-udk(11415)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-380", "name" : "DSA-380", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html", "name" : "RHSA-2003:064", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html", "name" : "RHSA-2003:065", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-066.html", "name" : "RHSA-2003:066", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html", "name" : "RHSA-2003:067", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6950", "name" : "6950", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-266", "name" : "DSA-266", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1", "name" : "54042", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7184", "name" : "7184", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded", "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2020-01-21T15:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mysql.com/doc/en/News-3.23.55.html", "name" : "http://www.mysql.com/doc/en/News-3.23.55.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-303", "name" : "DSA-303", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743", "name" : "CLA-2003:743", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html", "name" : "ESA-20030220-004", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013", "name" : "MDKSA-2003:013", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-093.html", "name" : "RHSA-2003:093", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-094.html", "name" : "RHSA-2003:094", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-166.html", "name" : "RHSA-2003:166", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6718", "name" : "6718", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11199.php", "name" : "mysql-mysqlchangeuser-doublefree-dos(11199)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104385719107879&w=2", "name" : "20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436", "name" : "oval:org.mitre.oval:def:436", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2019-10-07T16:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0074", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6715", "name" : "6715", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11193.php", "name" : "plptools-plpnsfd-format-string(11193)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104386699725019&w=2", "name" : "20030129 Re: Local root vuln in SuSE 8.0 plptools package", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104385772908969&w=2", "name" : "20030129 Local root vuln in SuSE 8.0 plptools package", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plptools:plptools:0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0075", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11227.php", "name" : "bladeenc-myfseek-code-execution(11227)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.pivx.com/luigi/adv/blade942-adv.txt", "name" : "http://www.pivx.com/luigi/adv/blade942-adv.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6745", "name" : "6745", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104428700106672&w=2", "name" : "20030202 Bladeenc 0.94.2 code execution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104446346127432&w=2", "name" : "GLSA-200302-04", "refsource" : "GENTOO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a \"fmt\" wave chunk." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.92.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.93.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0076", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html", "name" : "http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11246.php", "name" : "qtdcgui-directory-download-files(11246)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104437720116243&w=2", "name" : "20030204 GLSA: qt-dcgui", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dcgui:dcgui:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dcgui:dcgui:0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qt-dcgui:qt-dcgui:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qt-dcgui:qt-dcgui:0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0077", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11414.php", "name" : "terminal-emulator-window-title(11414)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-070.html", "name" : "RHSA-2003:070", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-071.html", "name" : "RHSA-2003:071", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4917", "name" : "4917", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hanterm:hanterm-xf:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0078", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openssl.org/news/secadv_20030219.txt", "name" : "http://www.openssl.org/news/secadv_20030219.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-253", "name" : "DSA-253", "refsource" : "DEBIAN", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11369.php", "name" : "ssl-cbc-information-leak(11369)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570", "name" : "CLSA-2003:570", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html", "name" : "ESA-20030220-005", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-062.html", "name" : "RHSA-2003:062", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-063.html", "name" : "RHSA-2003:063", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-082.html", "name" : "RHSA-2003:082", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-104.html", "name" : "RHSA-2003:104", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-205.html", "name" : "RHSA-2003:205", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I", "name" : "20030501-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.trustix.org/errata/2003/0005", "name" : "2003-0005", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020", "name" : "MDKSA-2003:020", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc", "name" : "NetBSD-SA2003-001", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-051.shtml", "name" : "N-051", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6884", "name" : "6884", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3945", "name" : "3945", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104568426824439&w=2", "name" : "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104567627211904&w=2", "name" : "20030219 OpenSSL 0.9.7a and 0.9.6i released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104577183206905&w=2", "name" : "GLSA-200302-10", "refsource" : "GENTOO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11415.php", "name" : "terminal-emulator-dec-udk(11415)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-070.html", "name" : "RHSA-2003:070", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-071.html", "name" : "RHSA-2003:071", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6944", "name" : "6944", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4918", "name" : "4918", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name" : "20030224 Terminal Emulator Security Issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hanterm:hanterm-xf:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0080", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-072.html", "name" : "RHSA-2003:072", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7128", "name" : "7128", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4400", "name" : "4400", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11552", "name" : "gnomelokkit-forward-bypass-firewall(11552)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gnome-lokkit:0.50_21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0081", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.guninski.com/etherre.html", "name" : "http://www.guninski.com/etherre.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7049", "name" : "7049", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-258", "name" : "DSA-258", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html", "name" : "20030308 Ethereal format string bug, yet still ethereal much better than windows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627", "name" : "CLSA-2003:627", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html", "name" : "GLSA-200303-10", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051", "name" : "MDKSA-2003:051", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-076.html", "name" : "RHSA-2003:076", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html", "name" : "SuSE-SA:2003:019", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54", "name" : "oval:org.mitre.oval:def:54", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11497", "name" : "ethereal-socks-format-string(11497)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0082", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-266", "name" : "DSA-266", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html", "name" : "RHSA-2003:091", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1", "name" : "54042", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7185", "name" : "7185", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430", "name" : "oval:org.mitre.oval:def:4430", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536", "name" : "oval:org.mitre.oval:def:2536", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244", "name" : "oval:org.mitre.oval:def:244", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded", "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2020-01-21T15:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0083", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25", "name" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html", "name" : "RHSA-2003:139", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH", "name" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://secunia.com/advisories/8146", "name" : "8146", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=108034113406858&w=2", "name" : "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=108024081011678&w=2", "name" : "20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151", "name" : "oval:org.mitre.oval:def:151", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.0", "versionEndExcluding" : "1.3.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.0.46", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2021-07-15T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0084", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2003-114.html", "name" : "RHSA-2003:114", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7448", "name" : "7448", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-113.html", "name" : "RHSA-2003:113", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html", "name" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-090.shtml", "name" : "N-090", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893", "name" : "modauthany-command-execution(11893)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0085", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-262", "name" : "DSA-262", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7106", "name" : "7106", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html", "name" : "RHSA-2003:095", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html", "name" : "SuSE-SA:2003:016", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I", "name" : "20030302-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/298233", "name" : "VU#298233", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml", "name" : "GLSA-200303-11", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032", "name" : "MDKSA-2003:032", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8299", "name" : "8299", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8303", "name" : "8303", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html", "name" : "RHSA-2003:096", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2", "name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792723017768&w=2", "name" : "20030317 Security Bugfix for Samba - Samba 2.2.8 Released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2", "name" : "20030317 GLSA: samba (200303-11)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552", "name" : "oval:org.mitre.oval:def:552", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317145/30/25220/threaded", "name" : "IMNX-2003-7+-003-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded", "name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0086", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-262", "name" : "DSA-262", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7107", "name" : "7107", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html", "name" : "RHSA-2003:095", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html", "name" : "SuSE-SA:2003:016", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I", "name" : "20030302-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml", "name" : "GLSA-200303-11", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032", "name" : "MDKSA-2003:032", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8299", "name" : "8299", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8303", "name" : "8303", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html", "name" : "RHSA-2003:096", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2", "name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2", "name" : "20030317 GLSA: samba (200303-11)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554", "name" : "oval:org.mitre.oval:def:554", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded", "name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0087", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/02.12.03.txt", "name" : "http://www.idefense.com/advisory/02.12.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html", "name" : "20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only", "name" : "IY40307", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only", "name" : "IY40317", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only", "name" : "IY40320", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6840", "name" : "6840", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7996", "name" : "7996", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104508375107938&w=2", "name" : "20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104508833214691&w=2", "name" : "20030212 libIM.a buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11309", "name" : "aix-aixterm-libim-bo(11309)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:national_language_support:libim:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0088", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a021403-1.txt", "name" : "A021403-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11332.php", "name" : "macos-trublueenvironment-gain-privileges(11332)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6859", "name" : "6859", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2008-09-11T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0089", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/advisories/6030", "name" : "HPSBUX0311-293", "refsource" : "HP", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8986", "name" : "8986", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html", "name" : "20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106873965001431&w=2", "name" : "20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13623", "name" : "hp-sd-utilities-bo(13623)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5466", "name" : "oval:org.mitre.oval:def:5466", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0090", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-10T19:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0091", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html", "name" : "20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.nsfocus.com/english/homepage/sa2003-02.htm", "name" : "http://www.nsfocus.com/english/homepage/sa2003-02.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://packetstormsecurity.org/0304-advisories/sa2003-02.txt", "name" : "http://packetstormsecurity.org/0304-advisories/sa2003-02.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52443-1", "name" : "52443", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-068.shtml", "name" : "N-068", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/8713", "name" : "8713", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4383", "name" : "oval:org.mitre.oval:def:4383", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316957/30/25250/threaded", "name" : "20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0092", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html", "name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1", "name" : "52388", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7240", "name" : "7240", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905", "name" : "oval:org.mitre.oval:def:1905", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316948/30/25250/threaded", "name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0093", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585", "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-261", "name" : "DSA-261", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027", "name" : "MDKSA-2003:027", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html", "name" : "RHSA-2003:032", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-033.html", "name" : "RHSA-2003:033", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html", "name" : "RHSA-2003:214", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11324", "name" : "tcpdump-radius-decoder-dos(11324)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4a6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0094", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016", "name" : "MDKSA-2003:016", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6855", "name" : "6855", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318", "name" : "utillinux-mcookie-cookie-predictable(11318)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:util-linux:2.11u:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0095", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-05.html", "name" : "CA-2003-05", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.iss.net/security_center/static/11328.php", "name" : "oracle-username-bo(11328)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/953746", "name" : "VU#953746", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml", "name" : "N-046", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6849", "name" : "6849", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6319", "name" : "6319", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104549693426042&w=2", "name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0096", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11327.php", "name" : "oracle-totimestamptz-bo(11327)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/840666", "name" : "VU#840666", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/743954", "name" : "VU#743954", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/663786", "name" : "VU#663786", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-05.html", "name" : "CA-2003-05", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.iss.net/security_center/static/11325.php", "name" : "oracle-bfilename-directory-bo(11325)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11326.php", "name" : "oracle-tzoffset-bo(11326)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html", "name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html", "name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html", "name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt", "name" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt", "name" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt", "name" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml", "name" : "N-046", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6847", "name" : "6847", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6848", "name" : "6848", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6850", "name" : "6850", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550346303295&w=2", "name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104549743326864&w=2", "name" : "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104549782327321&w=2", "name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0097", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11343.php", "name" : "php-cgi-sapi-access(11343)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.slackware.com/changelog/current.php?cpu=i386", "name" : "http://www.slackware.com/changelog/current.php?cpu=i386", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6875", "name" : "6875", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550977011668&w=2", "name" : "20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104567137502557&w=2", "name" : "GLSA-200302-09.1", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104567042700840&w=2", "name" : "GLSA-200302-09", "refsource" : "GENTOO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0098", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6", "name" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6", "refsource" : "CONFIRM", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-277", "name" : "DSA-277", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt", "name" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt", "refsource" : "MISC", "tags" : [ "Broken Link" ] }, { "url" : "http://sourceforge.net/project/shownotes.php?release_id=137900", "name" : "http://sourceforge.net/project/shownotes.php?release_id=137900", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html", "name" : "SuSE-SA:2003:022", "refsource" : "SUSE", "tags" : [ "Broken Link" ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt", "name" : "CSSA-2003-015.0", "refsource" : "CALDERA", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/7200", "name" : "7200", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.iss.net/security_center/static/11334.php", "name" : "apcupsd-logevent-format-string(11334)", "refsource" : "XF", "tags" : [ "Broken Link" ] }, { "url" : "http://securitytracker.com/id?1006108", "name" : "1006108", "refsource" : "SECTRACK", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018", "name" : "MDKSA-2003:018", "refsource" : "MANDRAKE", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6828", "name" : "6828", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apcupsd:apcupsd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apcupsd:apcupsd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.0", "versionEndExcluding" : "3.10.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2018-09-26T15:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0099", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=137900", "name" : "http://sourceforge.net/project/shownotes.php?release_id=137900", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-277", "name" : "DSA-277", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11491.php", "name" : "apcupsd-vsprintf-multiple-bo(11491)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/project/shownotes.php?release_id=137892", "name" : "http://sourceforge.net/project/shownotes.php?release_id=137892", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7200", "name" : "7200", "refsource" : "BID", "tags" : [ ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt", "name" : "CSSA-2003-015.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018", "name" : "MDKSA-2003:018", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html", "name" : "SuSE-SA:2003:022", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006108", "name" : "1006108", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apc:apcupsd:3.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2008-09-10T19:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0100", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11373.php", "name" : "cisco-ios-ospf-bo(11373)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6895", "name" : "6895", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104587206702715&w=2", "name" : "20030221 Re: Cisco IOS OSPF exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104576100719090&w=2", "name" : "20030220 Cisco IOS OSPF exploit", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)ca:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(24b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(28a\\)ct:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ca:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(17\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(19\\)gs0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)f1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(9\\)p:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)ca2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ct:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(16\\)aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3na:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1cc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2wa4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11\\)st4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(23a\\)bc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(19a\\)gs6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(28a\\)ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(16\\)ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(2\\)xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11c\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(9\\)xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16.06\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2bc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7.4\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.3\\)wc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)xaf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\)s8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(12a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(1\\)ed:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3d\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(7\\)db1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)w5\\(21\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)s7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.4\\)wc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)w5\\(20\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(8\\)db2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)st5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)s6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)wx5\\(15a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(12\\)s3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3wa4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8\\)s1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)t1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)wt6\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)st1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)db2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)p:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)ca:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)st3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18g\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xv:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)w5\\(19c\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2p:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3db:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(6b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18f\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)t2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.2\\)xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(17\\)cc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)dc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26\\)p2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(17\\)ct:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)cc4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11\\)b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.1\\)xp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)cc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3\\)t2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)st1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(1\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2gs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)sc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3ma:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)yb4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)w:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8.0.2\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)s7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(20\\)aa4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8.3\\)sc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)s1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(7\\)aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2sa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(7\\)ca:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)st1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11b\\)t2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(9\\)ia:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8.9\\)sa6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3ha:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xa3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11\\)s6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)w5\\(22b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2wa3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(10\\)bc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(11b\\)t2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(24a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0101", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11390.php", "name" : "webmin-usermin-root-access(11390)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", "name" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-319", "name" : "DSA-319", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html", "name" : "ESA-20030225-006", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html", "name" : "HPSBUX0303-250", "refsource" : "HP", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I", "name" : "20030602-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-058.shtml", "name" : "N-058", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6915", "name" : "6915", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", "name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025", "name" : "MDKSA-2003:025", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8115", "name" : "8115", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8163", "name" : "8163", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006160", "name" : "1006160", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2", "name" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610336226274&w=2", "name" : "20030224 GLSA: usermin (200302-14)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610245624895&w=2", "name" : "20030224 Webmin 1.050 - 1.060 remote exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610300325629&w=2", "name" : "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0102", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/03.04.03.txt", "name" : "http://www.idefense.com/advisory/03.04.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7008", "name" : "7008", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-260", "name" : "DSA-260", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://lwn.net/Alerts/34908/", "name" : "IMNX-2003-7+-012-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030", "name" : "MDKSA-2003:030", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc", "name" : "NetBSD-SA2003-003", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_017_file.html", "name" : "SuSE-SA:2003:017", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-086.html", "name" : "RHSA-2003:086", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-087.html", "name" : "RHSA-2003:087", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/611865", "name" : "VU#611865", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104680706201721&w=2", "name" : "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469", "name" : "file-afctr-read-bo(11469)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0103", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6952", "name" : "6952", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11421.php", "name" : "nokia-6210-vcard-dos(11421)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:nokia:6210_handset:5.27:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0104", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999", "name" : "20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability", "refsource" : "ISS", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10962.php", "name" : "peoplesoft-schedulertransfer-create-files(10962)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7053", "name" : "7053", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0105", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.corsaire.com/advisories/c030224-001.txt", "name" : "http://www.corsaire.com/advisories/c030224-001.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109215441332682&w=2", "name" : "20040810 Corsaire Security Advisory - Port80 Software ServerMask inconsistencies", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16947", "name" : "servermask-header-obtain-info(16947)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:port80_software:servermask:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0106", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754", "name" : "http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7196", "name" : "7196", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html", "name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104869513822233&w=2", "name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104868285106289&w=2", "name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue", "refsource" : "NTBUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:enterprise_firewall:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0107", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://online.securityfocus.com/archive/1/312869", "name" : "20030222 buffer overrun in zlib 1.1.4", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11381.php", "name" : "zlib-gzprintf-bo(11381)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt", "name" : "CSSA-2003-011.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619", "name" : "CLSA-2003:619", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033", "name" : "MDKSA-2003:033", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc", "name" : "NetBSD-SA2003-004", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-079.html", "name" : "RHSA-2003:079", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-081.html", "name" : "RHSA-2003:081", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405", "name" : "57405", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/142121", "name" : "VU#142121", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6913", "name" : "6913", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6599", "name" : "6599", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104620610427210&w=2", "name" : "20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104887247624907&w=2", "name" : "GLSA-200303-25", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610536129508&w=2", "name" : "20030224 Re: buffer overrun in zlib 1.1.4", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610337726297&w=2", "name" : "20030223 poc zlib sploit just for fun :)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html", "name" : "JVNDB-2015-000066", "refsource" : "JVNDB", "tags" : [ ] }, { "url" : "http://jvn.jp/en/jp/JVN78689801/index.html", "name" : "JVN#78689801", "refsource" : "JVN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zlib:1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2017-01-03T02:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0108", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6974", "name" : "6974", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.idefense.com/advisory/02.27.03.txt", "name" : "http://www.idefense.com/advisory/02.27.03.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-255", "name" : "DSA-255", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11434.php", "name" : "tcpdump-isakmp-dos(11434)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629", "name" : "CLA-2003:629", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027", "name" : "MDKSA-2003:027", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html", "name" : "RHSA-2003:032", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-085.html", "name" : "RHSA-2003:085", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html", "name" : "RHSA-2003:214", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html", "name" : "SuSE-SA:2003:0015", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104637420104189&w=2", "name" : "20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104678787109030&w=2", "name" : "20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0109", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029", "name" : "20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability", "refsource" : "ISS", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-09.html", "name" : "CA-2003-09", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.iss.net/security_center/static/11533.php", "name" : "http-webdav-long-request(11533)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7116", "name" : "7116", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.nextgenss.com/papers/ms03-007-ntdll.pdf", "name" : "http://www.nextgenss.com/papers/ms03-007-ntdll.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/117394", "name" : "VU#117394", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en", "name" : "http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104869293619064&w=2", "name" : "20030326 WebDAV exploit: using wide character decoder scheme", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104887148323552&w=2", "name" : "20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105768156625699&w=2", "name" : "20030708 WDAV exploit without netcat and with pretty magic number", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104861839130254&w=2", "name" : "20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104826476427372&w=2", "name" : "20030321 New attack vectors and a vulnerability dissection of MS03-007", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104826785731151&w=2", "name" : "20030321 New attack vectors and a vulnerability dissection of MS03-007", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109", "name" : "oval:org.mitre.oval:def:109", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021", "name" : "Q815021", "refsource" : "MSKB", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007", "name" : "MS03-007", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0110", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/04.09.03.txt", "name" : "http://www.idefense.com/advisory/04.09.03.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104994487012027&w=2", "name" : "20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406", "name" : "oval:org.mitre.oval:def:406", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012", "name" : "MS03-012", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0111", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/447569", "name" : "VU#447569", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.iss.net/security_center/static/11751.php", "name" : "msvm-bytecode-improper-validation(11751)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136", "name" : "oval:org.mitre.oval:def:136", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011", "name" : "MS03-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka \"Flaw in Microsoft VM Could Enable System Compromise.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3809:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0112", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7370", "name" : "7370", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/446338", "name" : "VU#446338", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11803", "name" : "win-kernel-lpcrequestwaitreplyport-bo(11803)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779", "name" : "oval:org.mitre.oval:def:779", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145", "name" : "oval:org.mitre.oval:def:3145", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262", "name" : "oval:org.mitre.oval:def:262", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265", "name" : "oval:org.mitre.oval:def:2265", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022", "name" : "oval:org.mitre.oval:def:2022", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142", "name" : "oval:org.mitre.oval:def:142", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264", "name" : "oval:org.mitre.oval:def:1264", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013", "name" : "MS03-013", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0113", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/169753", "name" : "VU#169753", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105138417416900&w=2", "name" : "20030426 Buffer overflow in Internet Explorer's HTTP parsing code", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105718285107246&w=2", "name" : "20030701 URLMON.DLL buffer overflow - technical details", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926", "name" : "oval:org.mitre.oval:def:926", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015", "name" : "MS03-015", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0114", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=104429340817718&w=2", "name" : "20030203 internet explorer local file reading", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963", "name" : "oval:org.mitre.oval:def:963", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015", "name" : "MS03-015", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0115", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11848.php", "name" : "ie-improper-thirdparty-rendering(11848)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015", "name" : "MS03-015", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0116", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6306", "name" : "6306", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/301945", "name" : "20021203 Poisonous Style for Dialog window turns the zone off.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/244729", "name" : "VU#244729", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015", "name" : "MS03-015", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0117", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105216866132289&w=2", "name" : "20030505 Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016", "name" : "MS03-016", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0118", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105216839231951&w=2", "name" : "20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016", "name" : "MS03-016", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:developer:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:standard:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:developer:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:developer:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:standard:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:standard:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0119", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/624713", "name" : "VU#624713", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7264", "name" : "7264", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument", "name" : "MSS-OAR-E01-2003:0245.1", "refsource" : "IBM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8221", "name" : "8221", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0120", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-256", "name" : "DSA-256", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6978", "name" : "6978", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11439.php", "name" : "mhc-adb2mhc-insecure-tmp(11439)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mhc-utils:mhc-utils:0.25_snap2001-06-25:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-07T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0121", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7044", "name" : "7044", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/316311", "name" : "20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104716030503607&w=2", "name" : "20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2016-10-18T02:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0122", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101", "name" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/7037", "name" : "7037", "refsource" : "BID", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0010.html", "name" : "http://www.rapid7.com/advisories/R7-0010.html", "refsource" : "MISC", "tags" : [ "Not Applicable" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html", "name" : "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication", "refsource" : "VULNWATCH", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/433489", "name" : "VU#433489", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml", "name" : "N-065", "refsource" : "CIAC", "tags" : [ "Broken Link" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104757319829443&w=2", "name" : "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526", "name" : "lotus-nrpc-bo(11526)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-12-12T17:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0123", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060", "name" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7038", "name" : "7038", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0011.html", "name" : "http://www.rapid7.com/advisories/R7-0011.html", "refsource" : "MISC", "tags" : [ "Not Applicable" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/411489", "name" : "VU#411489", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml", "name" : "N-065", "refsource" : "CIAC", "tags" : [ "Broken Link" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104757545500368&w=2", "name" : "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525", "name" : "lotus-web-retriever-bo(11525)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-11-22T14:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0124", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7066", "name" : "7066", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620", "name" : "CLSA-2003:620", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-133.html", "name" : "RHSA-2003:133", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-134.html", "name" : "RHSA-2003:134", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104802285112752&w=2", "name" : "GLSA-200303-13", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104740927915154&w=2", "name" : "20030311 Vulnerability in man < 1.5l", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512", "name" : "man-myxsprintf-code-execution(11512)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5h1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5i2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5j:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5k:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0125", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", "name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.multitech.com/Routers/RF550VPN.TXT", "name" : "ftp://ftp.multitech.com/Routers/RF550VPN.TXT", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7067", "name" : "7067", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11514", "name" : "routefinder-vpn-options-bo(11514)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.63", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0126", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", "name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.63", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:4.64_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0127", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://rhn.redhat.com/errata/RHSA-2003-098.html", "name" : "RHSA-2003:098", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/628849", "name" : "VU#628849", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2003-088.html", "name" : "RHSA-2003:088", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-270", "name" : "DSA-270", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-276", "name" : "DSA-276", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-495", "name" : "DSA-495", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt", "name" : "CSSA-2003-020.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-145.html", "name" : "RHSA-2003:145", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200303-17.xml", "name" : "GLSA-200303-17", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html", "name" : "20030317 Fwd: Ptrace hole / Linux 2.2.25", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-103.html", "name" : "RHSA-2003:103", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:038", "name" : "MDKSA-2003:038", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:039", "name" : "MDKSA-2003:039", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2", "name" : "ESA-20030515-017", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254", "name" : "oval:org.mitre.oval:def:254", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0128", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7117", "name" : "7117", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html", "name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html", "name" : "RHSA-2003:108", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648", "name" : "CLA-2003:648", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml", "name" : "GLSA-200303-18", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045", "name" : "MDKSA-2003:045", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2", "name" : "20030321 GLSA: evolution (200303-18)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107", "name" : "oval:org.mitre.oval:def:107", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0129", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7118", "name" : "7118", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html", "name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html", "name" : "RHSA-2003:108", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648", "name" : "CLA-2003:648", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml", "name" : "GLSA-200303-18", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045", "name" : "MDKSA-2003:045", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2", "name" : "20030321 GLSA: evolution (200303-18)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108", "name" : "oval:org.mitre.oval:def:108", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0130", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7119", "name" : "7119", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html", "name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html", "name" : "RHSA-2003:108", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648", "name" : "CLA-2003:648", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml", "name" : "GLSA-200303-18", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045", "name" : "MDKSA-2003:045", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2", "name" : "20030321 GLSA: evolution (200303-18)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111", "name" : "oval:org.mitre.oval:def:111", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0131", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://eprint.iacr.org/2003/052/", "name" : "http://eprint.iacr.org/2003/052/", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7148", "name" : "7148", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/888801", "name" : "VU#888801", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc", "name" : "NetBSD-SA2003-007", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-101.html", "name" : "RHSA-2003:101", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-102.html", "name" : "RHSA-2003:102", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-288", "name" : "DSA-288", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I", "name" : "20030501-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.openssl.org/news/secadv_20030319.txt", "name" : "http://www.openssl.org/news/secadv_20030319.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625", "name" : "CLA-2003:625", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt", "name" : "CSSA-2003-014.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml", "name" : "GLSA-200303-20", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html", "name" : "OpenPKG-SA-2003.026", "refsource" : "OPENPKG", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035", "name" : "MDKSA-2003:035", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104852637112330&w=2", "name" : "20030324 GLSA: openssl (200303-20)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104811162730834&w=2", "name" : "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104878215721135&w=2", "name" : "2003-0013", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html", "name" : "SuSE-SA:2003:024", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html", "name" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586", "name" : "ssl-premaster-information-leak(11586)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461", "name" : "oval:org.mitre.oval:def:461", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded", "name" : "IMNX-2003-7+-001-01", "refsource" : "IMMUNIX", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0132", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/04.08.03.txt", "name" : "http://www.idefense.com/advisory/04.08.03.txt", "refsource" : "MISC", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html", "name" : "RHSA-2003:139", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "refsource" : "CONFIRM", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/206537", "name" : "VU#206537", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147", "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147", "refsource" : "MISC", "tags" : [ "Broken Link" ] }, { "url" : "http://secunia.com/advisories/8499", "name" : "8499", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://secunia.com/advisories/34920", "name" : "34920", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.vupen.com/english/advisories/2009/1233", "name" : "ADV-2009-1233", "refsource" : "VUPEN", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105013378320711&w=2", "name" : "20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104994309010974&w=2", "name" : "20030408 Exploit Code Released for Apache 2.x Memory Leak", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105001663120995&w=2", "name" : "20030410 working apache <= 2.0.44 DoS exploit for linux.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104931360606484&w=2", "name" : "20030402 [ANNOUNCE] Apache 2.0.45 Released", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104982175321731&w=2", "name" : "20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104994239010517&w=2", "name" : "20030409 GLSA: apache (200304-01)", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156", "name" : "oval:org.mitre.oval:def:156", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ "Mailing List", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndIncluding" : "2.0.44", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2021-07-15T20:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0133", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-126.html", "name" : "RHSA-2003:126", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737", "name" : "CLA-2003:737", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:046", "name" : "MDKSA-2003:046", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A138", "name" : "oval:org.mitre.oval:def:138", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:1.1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:1.1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0134", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35", "name" : "http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2", "name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104931360606484&w=2", "name" : "20030402 [ANNOUNCE] Apache 2.0.45 Released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0135", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-084.html", "name" : "RHSA-2003:084", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7253", "name" : "7253", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A634", "name" : "oval:org.mitre.oval:def:634", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0136", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-285", "name" : "DSA-285", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-142.html", "name" : "RHSA-2003:142", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423", "name" : "oval:org.mitre.oval:def:423", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0137", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a031303-2.txt", "name" : "A031303-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8301", "name" : "8301", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nokia:sgsn_dx200:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0138", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-266", "name" : "DSA-266", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/623217", "name" : "VU#623217", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2003/dsa-269", "name" : "DSA-269", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-273", "name" : "DSA-273", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html", "name" : "RHSA-2003:091", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7113", "name" : "7113", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2", "name" : "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248", "name" : "oval:org.mitre.oval:def:248", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded", "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0139", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/442569", "name" : "VU#442569", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2003/dsa-266", "name" : "DSA-266", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-273", "name" : "DSA-273", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html", "name" : "RHSA-2003:051", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html", "name" : "RHSA-2003:052", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html", "name" : "RHSA-2003:091", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2", "name" : "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250", "name" : "oval:org.mitre.oval:def:250", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317130/30/25250/threaded", "name" : "20030330 GLSA: openafs (200303-26)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded", "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0140", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/315679", "name" : "20030319 mutt-1.4.1 fixes a buffer overflow.", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7120", "name" : "7120", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-268", "name" : "DSA-268", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_020_mutt.html", "name" : "SuSE-SA:2003:020", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-109.html", "name" : "RHSA-2003:109", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626", "name" : "CLA-2003:626", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630", "name" : "CLA-2003:630", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml", "name" : "GLSA-200303-19", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041", "name" : "MDKSA-2003:041", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105171507629573&w=2", "name" : "20030430 GLSA: balsa (200304-10)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104852190605988&w=2", "name" : "20030322 GLSA: mutt (200303-19)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104817995421439&w=2", "name" : "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104818814931378&w=2", "name" : "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583", "name" : "mutt-folder-name-bo(11583)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434", "name" : "oval:org.mitre.oval:def:434", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2", "name" : "oval:org.mitre.oval:def:2", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0141", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7177", "name" : "7177", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html", "name" : "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/705761", "name" : "VU#705761", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104887465427579&w=2", "name" : "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0142", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/328224", "name" : "20030708 Adobe Acrobat and PDF security: no improvements for 2 years", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/689835", "name" : "VU#689835", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the \"Certified plug-ins only\" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0143", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-259", "name" : "DSA-259", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7058", "name" : "7058", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_018_qpopper.html", "name" : "SuSE-SA:2003:018", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792541215354&w=2", "name" : "GLSA-200303-12", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104748775900481&w=2", "name" : "20030312 Re: QPopper 4.0.x buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104768137314397&w=2", "name" : "20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104739841223916&w=2", "name" : "20030310 QPopper 4.0.x buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11516", "name" : "qpopper-popmsg-macroname-bo(11516)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0144", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7025", "name" : "7025", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch", "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-267", "name" : "DSA-267", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-275", "name" : "DSA-275", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P", "name" : "20030406-02-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_014_lprold.html", "name" : "SuSE-SA:2003:0014", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059", "name" : "MDKSA-2003:059", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8293", "name" : "8293", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104714441925019&w=2", "name" : "20030308 OpenBSD lprm(1) exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104690434504429&w=2", "name" : "20030305 potential buffer overflow in lprm (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473", "name" : "lprm-bo(11473)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lprold:lprold:3.0.48:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:bsd:lpr:2000-05-07:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:bsd:lpr:0.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0145", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.tcpdump.org/tcpdump-changes.txt", "name" : "http://www.tcpdump.org/tcpdump-changes.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-261", "name" : "DSA-261", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027", "name" : "MDKSA-2003:027", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html", "name" : "RHSA-2003:032", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-151.html", "name" : "RHSA-2003:151", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html", "name" : "RHSA-2003:214", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11857", "name" : "tcpdump-radius-attribute-dos(11857)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in tcpdump before 3.7.2 related to an inability to \"Handle unknown RADIUS attributes properly,\" allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0146", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-263", "name" : "DSA-263", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-060.html", "name" : "RHSA-2003:060", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/630433", "name" : "VU#630433", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6979", "name" : "6979", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656", "name" : "CLSA-2003:656", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104644687816522&w=2", "name" : "20030228 NetPBM, multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463", "name" : "netpbm-multiple-bo(11463)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0147", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html", "name" : "20030313 OpenSSL Private Key Disclosure", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/997481", "name" : "VU#997481", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.openssl.org/news/secadv_20030317.txt", "name" : "http://www.openssl.org/news/secadv_20030317.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf", "name" : "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-288", "name" : "DSA-288", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035", "name" : "MDKSA-2003:035", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-101.html", "name" : "RHSA-2003:101", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-102.html", "name" : "RHSA-2003:102", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I", "name" : "20030501-01-I", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625", "name" : "CLA-2003:625", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt", "name" : "CSSA-2003-014.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml", "name" : "GLSA-200303-23", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html", "name" : "OpenPKG-SA-2003.019", "refsource" : "OPENPKG", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104819602408063&w=2", "name" : "20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792570615648&w=2", "name" : "20030317 [ADVISORY] Timing Attack on OpenSSL", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104829040921835&w=2", "name" : "GLSA-200303-15", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104766550528628&w=2", "name" : "20030313 Vulnerability in OpenSSL", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104861762028637&w=2", "name" : "GLSA-200303-24", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466", "name" : "oval:org.mitre.oval:def:466", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded", "name" : "IMNX-2003-7+-001-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded", "name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0148", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt", "name" : "A073103-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0149", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt", "name" : "A073103-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0150", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7052", "name" : "7052", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743", "name" : "CLA-2003:743", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-303", "name" : "DSA-303", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html", "name" : "ESA-20030324-012", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-093.html", "name" : "RHSA-2003:093", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2003-094.html", "name" : "RHSA-2003:094", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/203897", "name" : "VU#203897", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:057", "name" : "MDKSA-2003:057", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104800948128630&w=2", "name" : "20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104802285012750&w=2", "name" : "20030318 GLSA: mysql (200303-14)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104715840202315&w=2", "name" : "20030308 MySQL_user_can_be_changed_to_root?", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104739810523433&w=2", "name" : "20030310 Re: MySQL user can be changed to root", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11510", "name" : "mysql-datadir-root-privileges(11510)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442", "name" : "oval:org.mitre.oval:def:442", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the \"SELECT * INFO OUTFILE\" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2019-10-07T16:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0151", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/en/avisos/s21sec-011-en.txt", "name" : "http://www.s21sec.com/en/avisos/s21sec-011-en.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7122", "name" : "7122", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7124", "name" : "7124", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792544515384&w=2", "name" : "20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104792477914620&w=2", "name" : "20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0152", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-265", "name" : "DSA-265", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7162", "name" : "7162", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0153", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-265", "name" : "DSA-265", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/5517", "name" : "5517", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2", "name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9921", "name" : "bonsai-path-disclosure(9921)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0154", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-265", "name" : "DSA-265", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/5516", "name" : "5516", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/9920.php", "name" : "bonsai-error-message-xss(9920)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view", "name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view", "name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2", "name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0155", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-265", "name" : "DSA-265", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7163", "name" : "7163", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0156", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-264", "name" : "DSA-264", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7062", "name" : "7062", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104739747222492&w=2", "name" : "20030311 Cross-Referencing Linux vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0157", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0158", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-03-24T05:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0159", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7050", "name" : "7050", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html", "name" : "SuSE-SA:2003:019", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:051", "name" : "MDKSA-2003:051", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104741640924709&w=2", "name" : "20030309 GLSA: ethereal (200303-10)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55", "name" : "oval:org.mitre.oval:def:55", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0160", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988", "name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-112.html", "name" : "RHSA-2003:112", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614", "name" : "oval:org.mitre.oval:def:614", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0161", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-12.html", "name" : "CA-2003-12", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7230", "name" : "7230", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-120.html", "name" : "RHSA-2003:120", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html", "name" : "20030329 Sendmail: -1 gone wild", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/897604", "name" : "VU#897604", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc", "name" : "FreeBSD-SA-03:07", "refsource" : "FREEBSD", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-121.html", "name" : "RHSA-2003:121", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt", "name" : "SCOSA-2004.11", "refsource" : "SCO", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P", "name" : "20030401-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt", "name" : "CSSA-2003-016.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-278", "name" : "DSA-278", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-290", "name" : "DSA-290", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614", "name" : "CLA-2003:614", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/321997", "name" : "20030520 [Fwd: 127 Research and Development: 127 Day!]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml", "name" : "GLSA-200303-27", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1", "name" : "52620", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1", "name" : "52700", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1", "name" : "1001088", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104896621106790&w=2", "name" : "20030329 sendmail 8.12.9 available", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104914999806315&w=2", "name" : "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104897487512238&w=2", "name" : "20030329 Sendmail: -1 gone wild", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded", "name" : "20030401 Immunix Secured OS 7+ openssl update", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316961/30/25250/threaded", "name" : "20030331 GLSA: sendmail (200303-27)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0162", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6971", "name" : "6971", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-271", "name" : "DSA-271", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104673407728323&w=2", "name" : "20030303 Re: Ecardis Password Reseting Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104636153214262&w=2", "name" : "20030227 Ecardis Password Reseting Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11431", "name" : "ecartis-password-reset(11431)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-10-13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0163", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.rapid7.com/advisories/R7-0013.html", "name" : "http://www.rapid7.com/advisories/R7-0013.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7182", "name" : "7182", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105013281120352&w=2", "name" : "20030412 R7-0013: Heap Corruption in Gaim-Encryption Plugin", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0165", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-128.html", "name" : "RHSA-2003:128", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7121", "name" : "7121", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html", "name" : "20030328 Vulnerability in GNOME's Eye of Gnome", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/363001", "name" : "VU#363001", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:048", "name" : "MDKSA-2003:048", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104887189724146&w=2", "name" : "20030328 CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A52", "name" : "oval:org.mitre.oval:def:52", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0166", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7197", "name" : "7197", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7198", "name" : "7198", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691", "name" : "CLSA-2003:691", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104878100719467&w=2", "name" : "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2", "name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104869828526885&w=2", "name" : "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0167", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-274", "name" : "DSA-274", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7229", "name" : "7229", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-300", "name" : "DSA-300", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0168", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html", "name" : "20030331 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.idefense.com/advisory/03.31.03.txt", "name" : "http://www.idefense.com/advisory/03.31.03.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00027.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00027.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/112553", "name" : "VU#112553", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7247", "name" : "7247", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/10561", "name" : "10561", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11671", "name" : "quicktime-url-bo(11671)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317148/30/25220/threaded", "name" : "20030401 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317141/30/25220/threaded", "name" : "20030401 Fwd: QuickTime 6.1 for Windows is available", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0169", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html", "name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7246", "name" : "7246", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104914959705949&w=2", "name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:instant_toptools:5.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0170", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424", "name" : "IY42424", "refsource" : "AIXAPAR", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7346", "name" : "7346", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1", "name" : "MSS-OAR-E01-2003.0469.1", "refsource" : "IBM", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4878", "name" : "4878", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11823", "name" : "aix-ftpd-gain-access(11823)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0171", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a041003-1.txt", "name" : "A041003-1", "refsource" : "ATSTAKE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0172", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7210", "name" : "7210", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/316583", "name" : "20030327 Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/385238", "name" : "20041222 PHP v4.3.x exploit for Windows.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2113", "name" : "2113", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104878149020152&w=2", "name" : "20030327 @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2", "name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11637", "name" : "php-openlog-stack-bo(11637)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0173", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P", "name" : "20030404-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-283", "name" : "DSA-283", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/111673", "name" : "VU#111673", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:047", "name" : "MDKSA-2003:047", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0174", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P", "name" : "20030407-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7442", "name" : "7442", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-084.shtml", "name" : "N-084", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11860", "name" : "irix-ldap-authentication-bypass(11860)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0175", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/142228", "name" : "VU#142228", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7868", "name" : "7868", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P", "name" : "20030603-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id?1008770", "name" : "1008770", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12241", "name" : "irix-piocswatch-ioctl-dos(12241)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0176", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P", "name" : "20030701-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0177", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P", "name" : "20030701-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow \"-\" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0178", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/772817", "name" : "VU#772817", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6871", "name" : "6871", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt", "name" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt", "name" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/206361", "name" : "VU#206361", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/542873", "name" : "VU#542873", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml", "name" : "N-065", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6870", "name" : "6870", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html", "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html", "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html", "name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2", "name" : "20030217 Domino Advisories UPDATE", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550063431461&w=2", "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550063431463&w=2", "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2", "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2", "name" : "20030217 Domino Advisories UPDATE", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2", "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337", "name" : "lotus-domino-hostname-bo(11337)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336", "name" : "lotus-domino-inotes-bo(11336)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0179", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/571297", "name" : "VU#571297", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6872", "name" : "6872", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html", "name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt", "name" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml", "name" : "N-065", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2", "name" : "20030217 Domino Advisories UPDATE", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2", "name" : "20030217 Domino Advisories UPDATE", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104550124032513&w=2", "name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=104558778131373&w=2", "name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11339", "name" : "lotus-notes-activex-bo(11339)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0180", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/lotus-60dos.txt", "name" : "http://www.nextgenss.com/advisories/lotus-60dos.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/355169", "name" : "VU#355169", "refsource" : "CERT-VN", "tags" : [ "Patch", "US Government Resource", "Third Party Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html", "name" : "20030218 More Lotus Domino Advisories", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml", "name" : "N-065", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6951", "name" : "6951", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11360", "name" : "lotus-incomplete-post-dos(11360)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0181", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/lotus-60dos.txt", "name" : "http://www.nextgenss.com/advisories/lotus-60dos.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-11.html", "name" : "CA-2003-11", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html", "name" : "20030218 More Lotus Domino Advisories", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6951", "name" : "6951", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11361", "name" : "lotus-invalid-field-dos(11361)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a \"Fictionary Value Field POST request\" as demonstrated using the s_Validation form with a long, unknown parameter name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0187", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105986028426824&w=2", "name" : "20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A260", "name" : "oval:org.mitre.oval:def:260", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0188", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-169.html", "name" : "RHSA-2003:169", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-304", "name" : "DSA-304", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-167.html", "name" : "RHSA-2003:167", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-35.txt", "name" : "TLSA-2003-35", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430", "name" : "oval:org.mitre.oval:def:430", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-9:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-3:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-7:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0189", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.apache.org/dist/httpd/Announcement2.html", "name" : "http://www.apache.org/dist/httpd/Announcement2.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-186.html", "name" : "RHSA-2003:186", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/479268", "name" : "VU#479268", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7725", "name" : "7725", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8881", "name" : "8881", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661", "name" : "CLA-2003:661", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2", "name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12091", "name" : "apache-aprpasswordvalidate-dos(12091)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0190", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7467", "name" : "7467", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html", "name" : "20030430 OpenSSH/PAM timing attack allows remote users identification", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", "name" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-222.html", "name" : "RHSA-2003:222", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-224.html", "name" : "RHSA-2003:224", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-31.txt", "name" : "TLSA-2003-31", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105172058404810&w=2", "name" : "20030430 OpenSSH/PAM timing attack allows remote users identification", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106018677302607&w=2", "name" : "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445", "name" : "oval:org.mitre.oval:def:445", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0192", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html", "name" : "RHSA-2003:240", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html", "name" : "RHSA-2003:243", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt", "name" : "SCOSA-2004.6", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html", "name" : "RHSA-2003:244", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075", "name" : "MDKSA-2003:075", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2", "name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169", "name" : "oval:org.mitre.oval:def:169", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0193", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-575", "name" : "DSA-575", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/11560", "name" : "11560", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/11193", "name" : "11193", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/13021/", "name" : "13021", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/13022/", "name" : "13022", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335", "name" : "catdoc-xlsview-symlink(16335)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:catdoc:catdoc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.91", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0194", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-174.html", "name" : "RHSA-2003:174", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-151.html", "name" : "RHSA-2003:151", "refsource" : "REDHAT", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "tcpdump does not properly drop privileges to the pcap user when starting up." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.3-3:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.7.2-1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.4-39:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-9:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-12:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-9:*:ia64:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0195", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-171.html", "name" : "RHSA-2003:171", "refsource" : "REDHAT", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-317", "name" : "DSA-317", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_028.html", "name" : "SuSE-SA:2003:028", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-33.txt", "name" : "TLSA-2003-33", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678", "name" : "CLSA-2003:678", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7637", "name" : "7637", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:062", "name" : "MDKSA-2003:062", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105427288724449&w=2", "name" : "20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6", "name" : "oval:org.mitre.oval:def:6", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0196", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-280", "name" : "DSA-280", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html", "name" : "RHSA-2003:137", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044", "name" : "MDKSA-2003:044", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104973186901597&w=2", "name" : "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2", "name" : "20030407 Immunix Secured OS 7+ samba update", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564", "name" : "oval:org.mitre.oval:def:564", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0197", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "name" : "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104940730819887&w=2", "name" : "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0198", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0199", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0200", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0201", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-280", "name" : "DSA-280", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7294", "name" : "7294", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.digitaldefense.net/labs/advisories/DDI-1013.txt", "name" : "http://www.digitaldefense.net/labs/advisories/DDI-1013.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_025_samba.html", "name" : "SuSE-SA:2003:025", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html", "name" : "RHSA-2003:137", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P", "name" : "20030403-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/267873", "name" : "VU#267873", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624", "name" : "CLA-2003:624", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044", "name" : "MDKSA-2003:044", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104972664226781&w=2", "name" : "20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2", "name" : "20030407 Immunix Secured OS 7+ samba update", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104994564212488&w=2", "name" : "20030409 GLSA: samba (200304-02)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104981682014565&w=2", "name" : "20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567", "name" : "oval:org.mitre.oval:def:567", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163", "name" : "oval:org.mitre.oval:def:2163", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0202", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-279", "name" : "DSA-279", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7293", "name" : "7293", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11734", "name" : "metrics-tmpfile-symlink(11734)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brian_renaud:metrics:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0203", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6921", "name" : "6921", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-281", "name" : "DSA-281", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8136", "name" : "8136", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html", "name" : "20030223 moxftp arbitrary code execution poc/advisory", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006156", "name" : "1006156", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104610380126860&w=2", "name" : "20030223 moxftp arbitrary code execution poc/advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11399", "name" : "moxftp-welcome-banner-bo(11399)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moxftp:moxftp:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xftp:xftp:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-11T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0204", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kde.org/info/security/advisory-20030409-1.txt", "name" : "http://www.kde.org/info/security/advisory-20030409-1.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-284", "name" : "DSA-284", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugs.kde.org/show_bug.cgi?id=56808", "name" : "http://bugs.kde.org/show_bug.cgi?id=56808", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugs.kde.org/show_bug.cgi?id=53343", "name" : "http://bugs.kde.org/show_bug.cgi?id=53343", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-293", "name" : "DSA-293", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-296", "name" : "DSA-296", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-002.html", "name" : "RHSA-2003:002", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668", "name" : "CLA-2003:668", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747", "name" : "CLA-2003:747", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049", "name" : "MDKSA-2003:049", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105017403010459&w=2", "name" : "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105012994719099&w=2", "name" : "20030411 GLSA: kde-2.x (200304-05)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105034222521369&w=2", "name" : "20030414 GLSA: kde-2.x (200304-05.1)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105001557020141&w=2", "name" : "20030410 GLSA: kde-3.x (200304-04)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0205", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-294", "name" : "DSA-294", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105111327000755&w=2", "name" : "20030423 Security problems in gkrellm-newsticker", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gkrellm_newsticker:gkrellm_newsticker:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0206", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-294", "name" : "DSA-294", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105111327000755&w=2", "name" : "20030423 Security problems in gkrellm-newsticker", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gkrellm_newsticker:gkrellm_newsticker:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0207", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-286", "name" : "DSA-286", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gs-common:gs-common:0.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0208", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html", "name" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm", "name" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html", "name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105033712615013&w=2", "name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0209", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/139129", "name" : "VU#139129", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7178", "name" : "7178", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-297", "name" : "DSA-297", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-13.html", "name" : "CA-2003-13", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052", "name" : "MDKSA-2003:052", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105154530427824&w=2", "name" : "20030428 GLSA: snort (200304-06)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105043563016235&w=2", "name" : "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105111217731583&w=2", "name" : "20030423 Snort <=1.9.1 exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105172790914107&w=2", "name" : "ESA-20030430-013", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105103586927007&w=2", "name" : "20030422 GLSA: snort (200304-05)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smoothwall:smoothwall:2.0_beta_4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0210", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml", "name" : "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/697049", "name" : "VU#697049", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105120066126196&w=2", "name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105118056332344&w=2", "name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", "refsource" : "NTBUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0211", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-160.html", "name" : "RHSA-2003:160", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782", "name" : "CLA-2003:782", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:056", "name" : "MDKSA-2003:056", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105068673220605&w=2", "name" : "20030418 Xinetd 2.3.10 Memory Leaks", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657", "name" : "oval:org.mitre.oval:def:657", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-05T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0212", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-289", "name" : "DSA-289", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105059298502830&w=2", "name" : "20030417 Vulnerability in rinetd", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rinetd:rinetd:0.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rinetd:rinetd:0.61:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0213", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/317995", "name" : "20030409 PoPToP PPTP server remotely exploitable buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-295", "name" : "DSA-295", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7316", "name" : "7316", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_029.html", "name" : "SuSE-SA:2003:029", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/673993", "name" : "VU#673993", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/319428", "name" : "20030422 Re: Exploit for PoPToP PPTP server - Linux version", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://sourceforge.net/project/shownotes.php?release_id=138437", "name" : "http://sourceforge.net/project/shownotes.php?release_id=138437", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105068728421160&w=2", "name" : "20030418 Exploit for PoPToP PPTP server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105154539727967&w=2", "name" : "20030428 GLSA: pptpd (200304-08)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.3_2002-10-09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0214", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-292", "name" : "DSA-292", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0215", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812", "name" : "http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1006632", "name" : "1006632", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105120052725940&w=2", "name" : "20030424 SQL injection in BttlxeForum", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:battleaxe_software:bttlxeforum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0_beta_3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0216", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" }, { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.", "name" : "20030424 Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/443257", "name" : "VU#443257", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0217", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105283833617480&w=2", "name" : "20030513 XSS In Neoteris IVE Allows Session Hijacking", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:neoteris:instant_virtual_extranet:3.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0218", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html", "name" : "20030420 Monkey HTTPd Remote Buffer Overflow", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7202", "name" : "7202", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://monkeyd.sourceforge.net/Changelog.txt", "name" : "http://monkeyd.sourceforge.net/Changelog.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105094204204166&w=2", "name" : "20030420 Monkey HTTPd Remote Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105154473526898&w=2", "name" : "20030428 GLSA: monkeyd (200304-07.1)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.6.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2020-03-26T14:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0219", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/641012", "name" : "VU#641012", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7179", "name" : "7179", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2", "name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0220", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/454716", "name" : "VU#454716", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7180", "name" : "7180", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2", "name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2016-10-18T02:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0221", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ciac.org/ciac/bulletins/n-086.shtml", "name" : "SSRT3471", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7452", "name" : "7452", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11892", "name" : "tru64-dupatch-setld-symlink(11892)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:*:pk1:*:*:*:*:*:*", "versionEndIncluding" : "5.1b", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0222", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7453", "name" : "7453", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-085.shtml", "name" : "N-085", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105162831008176&w=2", "name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105163376015735&w=2", "name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885", "name" : "oracle-database-link-bo(11885)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0x:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1x:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0223", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66", "name" : "oval:org.mitre.oval:def:66", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018", "name" : "MS03-018", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2020-11-23T19:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0224", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=ntbugtraq&m=105431767100944&w=2", "name" : "20030530 NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A483", "name" : "oval:org.mitre.oval:def:483", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018", "name" : "MS03-018", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka \"Server Side Include Web Pages Buffer Overrun.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0225", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.aqtronix.com/Advisories/AQ-2003-01.txt", "name" : "http://www.aqtronix.com/Advisories/AQ-2003-01.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105110606122772&w=2", "name" : "20030418 Microsoft Active Server Pages DoS", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373", "name" : "oval:org.mitre.oval:def:373", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018", "name" : "MS03-018", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0226", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html", "name" : "20030528 Internet Information Services 5.0 Denial of service", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.spidynamics.com/iis_alert.html", "name" : "http://www.spidynamics.com/iis_alert.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105427362724860&w=2", "name" : "20030529 IIS WEBDAV Denial of Service attacks", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105421243732552&w=2", "name" : "20030528 Internet Information Services 5.0 Denial of service", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933", "name" : "oval:org.mitre.oval:def:933", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018", "name" : "MS03-018", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2020-11-23T19:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0227", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=ntbugtraq&m=105421127531558&w=2", "name" : "20030528 Re: Alert: MS03-019, Microsoft... wrong, again.", "refsource" : "NTBUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105427615626177&w=2", "name" : "20030528 RE: Alert: MS03-019, Microsoft... wrong, again.", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105421176432011&w=2", "name" : "20030528 MS03-019: DoS or Code of Choice", "refsource" : "NTBUGTRAQ", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966", "name" : "oval:org.mitre.oval:def:966", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936", "name" : "oval:org.mitre.oval:def:936", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019", "name" : "MS03-019", "refsource" : "MS", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2020-11-13T16:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0228", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7517", "name" : "7517", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/384932", "name" : "VU#384932", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105240528419389&w=2", "name" : "20030508 why i love xs4all + mediaplayer thingie", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232913516488&w=2", "name" : "20030507 Windows Media Player directory traversal vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105233960728901&w=2", "name" : "20030507 Windows Media Player directory traversal vulnerability", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11953", "name" : "mediaplayer-skin-code-execution(11953)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321", "name" : "oval:org.mitre.oval:def:321", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017", "name" : "MS03-017", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0230", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/556356", "name" : "VU#556356", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235", "name" : "oval:org.mitre.oval:def:235", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031", "name" : "MS03-031", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0231", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a072303-2.txt", "name" : "A072303-2", "refsource" : "ATSTAKE", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/918652", "name" : "VU#918652", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299", "name" : "oval:org.mitre.oval:def:299", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031", "name" : "MS03-031", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0232", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a072303-3.txt", "name" : "A072303-3", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/584868", "name" : "VU#584868", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303", "name" : "oval:org.mitre.oval:def:303", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031", "name" : "MS03-031", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0233", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11854.php", "name" : "ie-plugin-load-bo(11854)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105120164927952&w=2", "name" : "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094", "name" : "oval:org.mitre.oval:def:1094", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015", "name" : "MS03-015", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-12T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0235", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7461", "name" : "7461", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11938", "name" : "icq-pop3-format-string(11938)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0236", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7462", "name" : "7462", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7463", "name" : "7463", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939", "name" : "icq-pop3-email-bo(11939)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0237", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7464", "name" : "7464", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11944", "name" : "icq-features-no-auth(11944)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"ICQ Features on Demand\" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0238", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7465", "name" : "7465", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11947", "name" : "icq-table-tag-dos(11947)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0239", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7466", "name" : "7466", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2", "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11948", "name" : "icq-gif89a-header-dos(11948)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0240", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/799060", "name" : "VU#799060", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7652", "name" : "7652", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006854", "name" : "1006854", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8876", "name" : "8876", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4804", "name" : "4804", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105406374731579&w=2", "name" : "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104", "name" : "axis-admin-authentication-bypass(12104)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.02", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.32", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.00", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0241", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html", "name" : "20030528 SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secnap.net/security/gm001.html", "name" : "http://www.secnap.net/security/gm001.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:frontrange:goldmine:5.70:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:frontrange:goldmine:6.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0242", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://www.kb.cert.org/vuls/id/869548", "name" : "VU#869548", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7628", "name" : "7628", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://securitytracker.com/id?1006796", "name" : "1006796", "refsource" : "SECTRACK", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://secunia.com/advisories/8798", "name" : "8798", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12027", "name" : "macos-ipsec-acl-bypass(12027)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2020-12-09T15:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0243", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html", "name" : "20030507 Happymall E-Commerce Remote Command Execution", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006707", "name" : "1006707", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0244", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-145.html", "name" : "RHSA-2003:145", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html", "name" : "20030517 Algorithmic Complexity Attacks and the Linux Networking Code", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html", "name" : "http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-147.html", "name" : "RHSA-2003:147", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-172.html", "name" : "RHSA-2003:172", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7601", "name" : "7601", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.secunia.com/advisories/8786/", "name" : "8786", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066", "name" : "MDKSA-2003:066", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name" : "MDKSA-2003:074", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=linux-kernel&m=104956079213417", "name" : "http://marc.info/?l=linux-kernel&m=104956079213417", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105595901923063&w=2", "name" : "20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2", "name" : "ESA-20030515-017", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15382", "name" : "data-algorithmic-complexity-dos(15382)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A261", "name" : "oval:org.mitre.oval:def:261", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0245", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.apache.org/dist/httpd/Announcement2.html", "name" : "http://www.apache.org/dist/httpd/Announcement2.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-186.html", "name" : "RHSA-2003:186", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/757612", "name" : "VU#757612", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0095.html", "name" : "20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.idefense.com/advisory/05.30.03.txt", "name" : "http://www.idefense.com/advisory/05.30.03.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7723", "name" : "7723", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661", "name" : "CLA-2003:661", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:063", "name" : "MDKSA-2003:063", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2", "name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12090", "name" : "apache-aprpsprintf-code-execution(12090)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0246", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-172.html", "name" : "RHSA-2003:172", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-147.html", "name" : "RHSA-2003:147", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt", "name" : "TLSA-2003-41", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html", "name" : "20030520 Linux 2.4 kernel ioperm vuln", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066", "name" : "MDKSA-2003:066", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name" : "MDKSA-2003:074", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2", "name" : "ESA-20030515-017", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278", "name" : "oval:org.mitre.oval:def:278", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.65:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.59:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.58:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.66:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.54:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.68:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.62:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.51:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.67:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.60:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.61:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.69:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.64:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.57:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.63:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.49:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0247", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html", "name" : "RHSA-2003:187", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html", "name" : "RHSA-2003:195", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt", "name" : "TLSA-2003-41", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066", "name" : "MDKSA-2003:066", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name" : "MDKSA-2003:074", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284", "name" : "oval:org.mitre.oval:def:284", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0248", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html", "name" : "RHSA-2003:187", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html", "name" : "RHSA-2003:195", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt", "name" : "TLSA-2003-41", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066", "name" : "MDKSA-2003:066", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name" : "MDKSA-2003:074", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292", "name" : "oval:org.mitre.oval:def:292", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0249", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97", "name" : "20030625 PHP/Apache .htaccess Authentication Bypass Vulnerability", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** DISPUTED ** PHP treats unknown methods such as \"PoSt\" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying \"It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0251", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-173.html", "name" : "RHSA-2003:173", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity", "name" : "55600", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-43.txt", "name" : "TLSA-2003-43", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8031", "name" : "8031", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1016517", "name" : "1016517", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/21112", "name" : "21112", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-201.html", "name" : "RHSA-2003:201", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:072", "name" : "MDKSA-2003:072", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2006/2873", "name" : "ADV-2006-2873", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A667", "name" : "oval:org.mitre.oval:def:667", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/440454/100/0/threaded", "name" : "HPSBTU02132", "refsource" : "HP", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nis:ypserv_nis_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0252", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html", "name" : "20030714 Linux nfs-utils xlog() off-by-one bug", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html", "name" : "20030714 Reality of the rpc.mountd bug", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt", "name" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-349", "name" : "DSA-349", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-206.html", "name" : "RHSA-2003:206", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-207.html", "name" : "RHSA-2003:207", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html", "name" : "SuSE-SA:2003:031", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-44.txt", "name" : "TLSA-2003-44", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/258564", "name" : "VU#258564", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8179", "name" : "8179", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007187", "name" : "1007187", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9259", "name" : "9259", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:076", "name" : "MDKSA-2003:076", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1", "name" : "1001262", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105839032403325&w=2", "name" : "20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105830921519513&w=2", "name" : "20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105820223707191&w=2", "name" : "20030714 Linux nfs-utils xlog() off-by-one bug", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12600", "name" : "nfs-utils-offbyone-bo(12600)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443", "name" : "oval:org.mitre.oval:def:443", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0253", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html", "name" : "RHSA-2003:240", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075", "name" : "MDKSA-2003:075", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2", "name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A173", "name" : "oval:org.mitre.oval:def:173", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0254", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html", "name" : "RHSA-2003:240", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075", "name" : "MDKSA-2003:075", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2", "name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A183", "name" : "oval:org.mitre.oval:def:183", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0255", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-175.html", "name" : "RHSA-2003:175", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-176.html", "name" : "RHSA-2003:176", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/397604", "name" : "VU#397604", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7497", "name" : "7497", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4947", "name" : "4947", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-34.txt", "name" : "TLSA200334", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694", "name" : "CLA-2003:694", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html", "name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html", "name" : "20030515-016", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061", "name" : "MDKSA-2003:061", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301357425157&w=2", "name" : "ESA-20030515-016", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105311804129104&w=2", "name" : "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105215110111174&w=2", "name" : "20030504 Key validity bug in GnuPG 1.2.1 and earlier", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105362224514081&w=2", "name" : "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930", "name" : "gnupg-invalid-key-acceptance(11930)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135", "name" : "oval:org.mitre.oval:def:135", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0256", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000665", "name" : "CLA-2003:665", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2", "name" : "http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:055", "name" : "MDKSA-2003:055", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:kopete:0.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0257", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1", "name" : "MSS-OAR-E01-2003:0660.1", "refsource" : "IBM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12000", "name" : "aix-print-format-string(12000)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0258", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml", "name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/727780", "name" : "VU#727780", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954", "name" : "cisco-vpn-unauth-access(11954)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0259", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml", "name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/317348", "name" : "VU#317348", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11955", "name" : "cisco-vpn-ssh-dos(11955)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0260", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml", "name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/221164", "name" : "VU#221164", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11956", "name" : "cisco-vpn-icmp-dos(11956)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0261", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-302", "name" : "DSA-302", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fuzz:fuzz:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0262", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-299", "name" : "DSA-299", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7505", "name" : "7505", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11945", "name" : "kataxwr-gain-privileges(11945)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leksbot:leksbot:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0263", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7506", "name" : "7506", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7508", "name" : "7508", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0052.html", "name" : "20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105223471822836&w=2", "name" : "20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11951", "name" : "ftgate-mailfrom-rcptto-bo(11951)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:floosietek:ftgatepro:1.22_1328:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0264", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/slmail-vulns.txt", "name" : "http://www.nextgenss.com/advisories/slmail-vulns.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232506011335&w=2", "name" : "20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105233360321895&w=2", "name" : "20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seattle_lab_software:slmail:5.1.0.4420:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2021-02-24T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0265", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7421", "name" : "7421", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232424810097&w=2", "name" : "20030507 SAP database local root vulnerability during installation. (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4.3.7_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.29:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.2 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0266", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0267", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0268", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2", "name" : "20030507 Multiple Vulnerabilities in SLWebmail", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0269", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7503", "name" : "7503", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.html", "name" : "20030506 youbin local root exploit + advisory", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.html", "name" : "20030506 youbin local root exploit + advisory", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105223947528794&w=2", "name" : "20030506 youbin local root exploit + advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11949", "name" : "youbin-home-bo(11949)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youbin:youbin:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youbin:youbin:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youbin:youbin:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0270", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a051203-1.txt", "name" : "A051203-1", "refsource" : "ATSTAKE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7554", "name" : "7554", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1006742", "name" : "1006742", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8773", "name" : "8773", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980", "name" : "airport-auth-credentials-disclosure(11980)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0271", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/316958", "name" : "20030331 Personal FTP Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://security.nnov.ru/search/document.asp?docid=4309", "name" : "http://security.nnov.ru/search/document.asp?docid=4309", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105240469318622&w=2", "name" : "20030508 Remote Stack Overflow exploit for Personal FTPD", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cooolsoft:personal_ftp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0272", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.frog-man.org/tutos/miniPortail.txt", "name" : "http://www.frog-man.org/tutos/miniPortail.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105240907024660&w=2", "name" : "20030508 miniPortail (PHP) : Admin Access", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an \"adminok\" value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0273", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html", "name" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105240947225275&w=2", "name" : "20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0274", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105241224228693&w=2", "name" : "20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cren:listproc:8.2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0275", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105249980809988&w=2", "name" : "20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yabb:yabb:1.5.2:*:second_edition:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0276", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7555", "name" : "7555", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105275789410250&w=2", "name" : "20030512 Unix Version of the Pi3web DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105155818012718&w=2", "name" : "20030428 Pi3Web 2.0.1 DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11889", "name" : "pi3web-get-request-bo(11889)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pi3:pi3web:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0277", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7559", "name" : "7559", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2", "name" : "20030512 One more flaw in Happymall", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11987", "name" : "happymall-dotdot-directory-traversal(11987)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0278", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7557", "name" : "7557", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2", "name" : "20030512 One more flaw in Happymall", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11988", "name" : "happymall-normalhtml-xss(11988)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi.com:happymall:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happycgi.com:happymall:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0279", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7558", "name" : "7558", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html", "name" : "20030513 More and More SQL injection on PHP-Nuke 6.5.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7588", "name" : "7588", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105276019312980&w=2", "name" : "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984", "name" : "phpnuke-web-sql-injection(11984)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0280", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html", "name" : "20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7547", "name" : "7547", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7548", "name" : "7548", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105258772101349&w=2", "name" : "20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11975", "name" : "cmailserver-smtp-bo(11975)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youngzsoft:cmailserver:4.0.2003.23.27:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0281", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/lists/bugtraq/2002/Jun/0212.html", "name" : "20020617 Interbase 6.0 malloc() issues", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200405-18.xml", "name" : "GLSA-200405-18", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7546", "name" : "7546", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8758", "name" : "8758", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105259012802997&w=2", "name" : "20030509 Firebird Local exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977", "name" : "firebird-interbase-bo(11977)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0282", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7550", "name" : "7550", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-199.html", "name" : "RHSA-2003:199", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-200.html", "name" : "RHSA-2003:200", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01", "name" : "IMNX-2003-7+-017-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-344", "name" : "DSA-344", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-42.txt", "name" : "TLSA-2003-42", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-111.shtml", "name" : "N-111", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672", "name" : "CLA-2003:672", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:073", "name" : "MDKSA-2003:073", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt", "name" : "CSSA-2003-031.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://www.info-zip.org/FAQ.html", "name" : "http://www.info-zip.org/FAQ.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105259038503175&w=2", "name" : "20030509 unzip directory traversal revisited", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105786446329347&w=2", "name" : "20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12004", "name" : "unzip-dotdot-directory-traversal(12004)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619", "name" : "oval:org.mitre.oval:def:619", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \"..\" sequence." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openlinux_server:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0283", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7545", "name" : "7545", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105251043821533&w=2", "name" : "20030509 A Phorum's bug...", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105251421925394&w=2", "name" : "20030509 Re: A Phorum's bug...", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11974", "name" : "phorum-message-html-injection(11974)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a \"<<\" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0284", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121", "name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/184820", "name" : "VU#184820", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2008-09-05T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0285", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt", "name" : "http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/814617", "name" : "VU#814617", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7580", "name" : "7580", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105284689228961&w=2", "name" : "20030513 AIX sendmail open relay", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11993", "name" : "aix-sendmail-mail-relay(11993)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0286", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html", "name" : "20030512 Snitz Forum 3.3.03 Remote Command Execution", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7549", "name" : "7549", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt", "name" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/35764", "name" : "35764", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/35733", "name" : "35733", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://osvdb.org/56166", "name" : "56166", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105277599131134&w=2", "name" : "20030513 Snitz Forum 3.3.03 Remote Command Execution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11981", "name" : "snitz-register-sql-injection(11981)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.3.03", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0287", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7560", "name" : "7560", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105284589927655&w=2", "name" : "20030513 Re: CSS found in Movable Type -- Nope", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105276879622636&w=2", "name" : "20030512 CSS found in Movable Type", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105277690132079&w=2", "name" : "20030512 Re: CSS found in Movable Type", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12003", "name" : "movable-type-comment-xss(12003)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the \"Allow HTML in comments?\" option is enabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0288", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.lac.co.jp/security/english/snsadv_e/64_e.html", "name" : "http://www.lac.co.jp/security/english/snsadv_e/64_e.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7566", "name" : "7566", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105283843417610&w=2", "name" : "20030513 [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11986", "name" : "ip-messenger-filename-bo(11986)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hiroaki_shirouzu:ip_messenger:2.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0289", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7565", "name" : "7565", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz", "name" : "ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securiteam.com/exploits/5ZP0C2AAAC.html", "name" : "http://www.securiteam.com/exploits/5ZP0C2AAAC.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://forums.gentoo.org/viewtopic.php?t=54904", "name" : "200305-06", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:058", "name" : "MDKSA-2003:058", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105286031812533&w=2", "name" : "20030513 Cdrecord_local_root_exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105285564307225&w=2", "name" : "20030513 cdrtools2.0 Format String Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12007", "name" : "cdrtools-scsiopen-format-string(12007)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0290", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html", "name" : "20030511 eServ Memory Leak Enables Denial of Service Attacks", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7552", "name" : "7552", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105284631428187&w=2", "name" : "20030513 eServ Memory Leak Solution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105284630228137&w=2", "name" : "20030511 eServ Memory Leak Enables Denial of Service Attacks", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11973", "name" : "eserv-multiple-connections-dos(11973)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.9x:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0291", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm", "name" : "http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7592", "name" : "7592", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105292451702516&w=2", "name" : "20030514 Memory leak in 3COM 812 DSL routers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301488426951&w=2", "name" : "20030515 RE : Memory leak in 3COM DSL routers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11999", "name" : "3com-officeconnect-memory-leak(11999)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:3com:3cp4144:1.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0292", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7596", "name" : "7596", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105292750807005&w=2", "name" : "20030514 Inktomi Traffic-Server XSS: man-in-the-middle XSS !", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka \"Man-in-the-Middle\" XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inktomi:inktomi_traffic-server:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0293", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105293128612131&w=2", "name" : "20030514 PalmOS ICMP flood DoS.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:palm:palmos:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0294", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105293834421549&w=2", "name" : "20030514 php-proxima Remote File Access Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php-proxima:php-proxima:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0295", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105292832607981&w=2", "name" : "20030514 VBulletin Preview Message - XSS Vuln", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105293890422210&w=2", "name" : "20030514 Re: VBulletin Preview Message - XSS Vuln", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the \"Preview Message\" capability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0296", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0297", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2005-015.html", "name" : "RHSA-2005:015", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2005-114.html", "name" : "RHSA-2005:114", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/430302/100/0/threaded", "name" : "FLSA:184074", "refsource" : "FEDORA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:c-client:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:imap-2002b:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0299", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0300", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed_email_client:0.8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0301", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0302", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2", "name" : "20030514 Buffer overflows in multiple IMAP clients", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0303", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html", "name" : "20030515 OneOrZero Security Problems (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7609", "name" : "7609", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105302025601231&w=2", "name" : "20030515 OneOrZero Security Problems (PHP)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.4_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0304", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html", "name" : "20030515 OneOrZero Security Problems (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105302025601231&w=2", "name" : "20030515 OneOrZero Security Problems (PHP)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.4_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0305", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml", "name" : "20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608", "name" : "oval:org.mitre.oval:def:5608", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)sc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)sx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11.5\\)e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(6.8a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(9.4\\)da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(10.5\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ey:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(13\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7\\)da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10.5\\)ec:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(14\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12c\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7b\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(20\\)sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(9\\)ea:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(9\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(14.5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)sp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ex:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7c\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0306", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=vuln-dev&m=105241032526289&w=2", "name" : "20030507 Buffer overflow in Explorer.exe", "refsource" : "VULN-DEV", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105284486526310&w=2", "name" : "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105301349925036&w=2", "name" : "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095", "name" : "oval:org.mitre.oval:def:3095", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027", "name" : "MS03-027", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0307", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105295155004969&w=2", "name" : "20030514 [VULNERABILITY] PHP 'poster version.two'", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Poster version.two allows remote authenticated users to gain administrative privileges by appending the \"|\" field separator and an \"admin\" value into the email address field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poster:poster:version.two:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0308", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-305", "name" : "DSA-305", "refsource" : "DEBIAN", "tags" : [ "Patch" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2", "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base", "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugs.debian.org/496408", "name" : "http://bugs.debian.org/496408", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-15T04:00Z", "lastModifiedDate" : "2008-11-11T05:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0309", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/251788", "name" : "VU#251788", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7539", "name" : "7539", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8807", "name" : "8807", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105249399103214&w=2", "name" : "20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105294081325040&w=2", "name" : "20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105294162726096&w=2", "name" : "20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12019", "name" : "ie-frame-restrictions-bypass(12019)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A948", "name" : "oval:org.mitre.oval:def:948", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020", "name" : "MS03-020", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the \"File Download Dialog Vulnerability.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0.2800:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0310", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105310013606680&w=2", "name" : "20030516 EzPublish Directory XSS Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ez:ez_publish:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0312", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2", "name" : "20030516 Snowblind Web Server: multiple issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0313", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2", "name" : "20030516 Snowblind Web Server: multiple issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0314", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2", "name" : "20030516 Snowblind Web Server: multiple issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a \" SQL injection", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0332", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html", "name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105346382524169&w=2", "name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0333", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/hp/current/0044.html", "name" : "HPSBUX0305-259", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/971364", "name" : "VU#971364", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7627", "name" : "7627", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105190667523456&w=2", "name" : "20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105189670912220&w=2", "name" : "20030502 HP-UX 11.0 /usr/bin/kermit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11929", "name" : "hp-ckermit-bo(11929)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function \"doask,\" a different vulnerability than CVE-2001-0085." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-19T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0334", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655", "name" : "CLA-2003:655", "refsource" : "CONECTIVA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7551", "name" : "7551", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069", "name" : "MDKSA-2003:069", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105259643606984&w=2", "name" : "20030510 BitchX: Crash when channel modes change", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008", "name" : "bitchx-mode-change-dos(12008)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:colten_edwards:bitchx:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0c20cvs", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-10T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0335", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105361968110719&w=2", "name" : "20030522 [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0336", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105362278914731&w=2", "name" : "20030522 Eudora 5.2.1 attachment spoof", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed \"Attachment Converted:\" string, which is not properly handled by Eudora." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0337", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105361879109409&w=2", "name" : "20030522 Security advisory: LSF 5.1 local root exploit", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:platform:lsadmin:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html", "name" : "20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105353168619211&w=2", "name" : "20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-21T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0339", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105361764807746&w=2", "name" : "20030522 WsMp3d remote exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2", "name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", "refsource" : "VULNWATCH", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0340", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html", "name" : "20030521 Demarc Puresecure v1.6 - Plaintext password issue -", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:demarc_security:puresecure:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-21T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0341", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105353266220520&w=2", "name" : "20030521 [AP] Owl Intranet Engine CSS Bug", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owl:owl_intranet_engine:0.71:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owl:owl_intranet_engine:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-21T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0342", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2", "name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0343", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2", "name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-21T04:00Z", "lastModifiedDate" : "2016-10-18T02:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0344", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.eeye.com/html/Research/Advisories/AD20030604.html", "name" : "AD20030604", "refsource" : "EEYE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html", "name" : "20030709 IE Object Type Overflow Exploit", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/679556", "name" : "VU#679556", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/8943", "name" : "8943", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105476381609135&w=2", "name" : "20030604 Internet Explorer Object Type Property Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922", "name" : "oval:org.mitre.oval:def:922", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020", "name" : "MS03-020", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0345", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8152", "name" : "8152", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/337764", "name" : "VU#337764", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1007154", "name" : "1007154", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9225", "name" : "9225", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12544", "name" : "win-smb-bo(12544)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391", "name" : "oval:org.mitre.oval:def:3391", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146", "name" : "oval:org.mitre.oval:def:146", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118", "name" : "oval:org.mitre.oval:def:118", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024", "name" : "MS03-024", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0346", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-18.html", "name" : "CA-2003-18", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/561284", "name" : "VU#561284", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/265232", "name" : "VU#265232", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105899759824008&w=2", "name" : "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218", "name" : "oval:org.mitre.oval:def:218", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104", "name" : "oval:org.mitre.oval:def:1104", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095", "name" : "oval:org.mitre.oval:def:1095", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030", "name" : "MS03-030", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0347", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8534", "name" : "8534", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html", "name" : "20030903 EEYE: VBE Document Property Buffer Overflow", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/804780", "name" : "VU#804780", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9666", "name" : "9666", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106262077829157&w=2", "name" : "20030903 EEYE: VBE Document Property Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037", "name" : "MS03-037", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visio:2002:*:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:5.0:*:sdk:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0348", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/320516", "name" : "VU#320516", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8034", "name" : "8034", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12440", "name" : "mediaplayer-activex-obtain-information(12440)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-021", "name" : "MS03-021", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0349", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563", "name" : "20030626 Windows Media Services Remote Command Execution #2", "refsource" : "NTBUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/113716", "name" : "VU#113716", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1007059", "name" : "1007059", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9115", "name" : "9115", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105665030925504&w=2", "name" : "20030626 Windows Media Services Remote Command Execution #2", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938", "name" : "oval:org.mitre.oval:def:938", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022", "name" : "MS03-022", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0350", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html", "name" : "20030709 Microsoft Utility Manager Local Privilege Escalation", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ngssoftware.com/advisories/utilitymanager.txt", "name" : "http://www.ngssoftware.com/advisories/utilitymanager.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8154", "name" : "8154", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105777681615939&w=2", "name" : "20030709 Microsoft Utility Manager Local Privilege Escalation", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12543", "name" : "win2k-accessibility-gain-privileges(12543)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451", "name" : "oval:org.mitre.oval:def:451", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025", "name" : "MS03-025", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a \"Shatter\" style message to the Utility Manager that references a user-controlled callback function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0351", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0352", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8205", "name" : "8205", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html", "name" : "20030726 Re: The French BUGTRAQ (New Win RPC Exploit)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html", "name" : "20030730 rpcdcom Universal offsets", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.xfocus.org/documents/200307/2.html", "name" : "http://www.xfocus.org/documents/200307/2.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-16.html", "name" : "CA-2003-16", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-19.html", "name" : "CA-2003-19", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/568148", "name" : "VU#568148", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105838687731618&w=2", "name" : "20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105914789527294&w=2", "name" : "20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised )", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12629", "name" : "win-rpc-dcom-bo(12629)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296", "name" : "oval:org.mitre.oval:def:296", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343", "name" : "oval:org.mitre.oval:def:2343", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194", "name" : "oval:org.mitre.oval:def:194", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026", "name" : "MS03-026", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0353", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8455", "name" : "8455", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106251069107953&w=2", "name" : "20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106149556627778&w=2", "name" : "20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A962", "name" : "oval:org.mitre.oval:def:962", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A961", "name" : "oval:org.mitre.oval:def:961", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6954", "name" : "oval:org.mitre.oval:def:6954", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1039", "name" : "oval:org.mitre.oval:def:1039", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-033", "name" : "MS03-033", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.1.1.3711.11:ga:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.12.4202.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0354", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-181.html", "name" : "RHSA-2003:181", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-182.html", "name" : "RHSA-2003:182", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:065", "name" : "MDKSA-2003:065", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105465818929172&w=2", "name" : "20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A133", "name" : "oval:org.mitre.oval:def:133", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0355", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320707", "name" : "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-313", "name" : "DSA-313", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/641013", "name" : "VU#641013", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067", "name" : "MDKSA-2003:067", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69", "name" : "oval:org.mitre.oval:def:69", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0357", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-313", "name" : "DSA-313", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/232164", "name" : "VU#232164", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/361700", "name" : "VU#361700", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7494", "name" : "7494", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7495", "name" : "7495", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067", "name" : "MDKSA-2003:067", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A73", "name" : "oval:org.mitre.oval:def:73", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0358", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0", "name" : "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt", "name" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-316", "name" : "DSA-316", "refsource" : "DEBIAN", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-350", "name" : "DSA-350", "refsource" : "DEBIAN", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6806", "name" : "6806", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283", "name" : "nethack-s-command-bo(11283)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:falconseye_project:falconseye:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nethack:nethack:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.4.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2020-12-09T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0359", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-316", "name" : "DSA-316", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stichting_mathematisch_centrum:nethack:3.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0360", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-307", "name" : "DSA-307", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://gps.seul.org/changelog.html", "name" : "http://gps.seul.org/changelog.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0361", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-307", "name" : "DSA-307", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://gps.seul.org/changelog.html", "name" : "http://gps.seul.org/changelog.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0362", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-307", "name" : "DSA-307", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://gps.seul.org/changelog.html", "name" : "http://gps.seul.org/changelog.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-09T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0363", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf", "name" : "http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:licq:licq:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:licq:licq:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0364", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html", "name" : "RHSA-2003:187", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-311", "name" : "DSA-311", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt", "name" : "TLSA-2003-41", "refsource" : "TURBO", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html", "name" : "RHSA-2003:195", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-312", "name" : "DSA-312", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-332", "name" : "DSA-332", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-336", "name" : "DSA-336", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A295", "name" : "oval:org.mitre.oval:def:295", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0365", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105427404625027&w=2", "name" : "20030529 ICQLite executable trojaning", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ICQLite 2003a creates the ICQ Lite directory with an ACE for \"Full Control\" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:icq_inc:icqlite:2003a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0366", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-318", "name" : "DSA-318", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lysator:lyskom-server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0367", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-308", "name" : "DSA-308", "refsource" : "DEBIAN", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html", "name" : "http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-38.txt", "name" : "TLSA-2003-38", "refsource" : "TURBO", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7872", "name" : "7872", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:068", "name" : "MDKSA-2003:068", "refsource" : "MANDRAKE", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2019-05-23T14:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0368", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/924812", "name" : "VU#924812", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7854", "name" : "7854", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a060903-1.txt", "name" : "A060903-1", "refsource" : "ATSTAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12221", "name" : "nokia-ggsn-ip-dos(12221)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nokia:ggsn:release_1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0370", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kde.org/info/security/advisory-20030602-1.txt", "name" : "http://www.kde.org/info/security/advisory-20030602-1.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/320707", "name" : "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-192.html", "name" : "RHSA-2003:192", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-36.txt", "name" : "TLSA-2003-36", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html", "name" : "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-193.html", "name" : "RHSA-2003:193", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-361", "name" : "DSA-361", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7520", "name" : "7520", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0371", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105370592729044&w=2", "name" : "20030522 Prishtina FTP v.1.*: remote DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:prishtina_soft:prishtina_ftp:v.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0372", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7664", "name" : "7664", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2", "name" : "20030522 Potential security vulnerability in Nessus", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105369506714849&w=2", "name" : "20030523 nessus NASL scripting engine security issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0373", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7664", "name" : "7664", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2", "name" : "20030522 Potential security vulnerability in Nessus", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105369506714849&w=2", "name" : "20030523 nessus NASL scripting engine security issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0374", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7664", "name" : "7664", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2", "name" : "20030522 Potential security vulnerability in Nessus", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka \"similar issues in other nasl functions as well as in libnessus.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0375", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7662", "name" : "7662", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://forums.xmbforum.com/viewthread.php?tid=773046", "name" : "http://forums.xmbforum.com/viewthread.php?tid=773046", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105363936402228&w=2", "name" : "20030522 XMB 1.8 Partagium cross site scripting vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "name" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the \"member\" parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2021-04-29T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0376", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105370625529452&w=2", "name" : "20030523 Eudora 5.2.1 buffer overflow DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0377", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105370528728225&w=2", "name" : "20030523 iisPROTECT SQL injection in admin interface", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iisprotect:iisprotect:2.2_r4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0378", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/467828", "name" : "VU#467828", "refsource" : "CERT-VN", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=107579", "name" : "http://docs.info.apple.com/article.html?artnum=107579", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-16T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0379", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00030.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00030.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:afp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2011-03-08T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0380", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/82/323886/2003-06-02/2003-06-08/0", "name" : "20030604 possible remote buffer overflow in atftpd", "refsource" : "VULN-DEV", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html", "name" : "20030606 atftpd bug", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-314", "name" : "DSA-314", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atftpd:atftpd:0.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atftpd:atftpd:0.6.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0381", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-323", "name" : "DSA-323", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:norman_ramsey:noweb:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0382", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-309", "name" : "DSA-309", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7708", "name" : "7708", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105427580626001&w=2", "name" : "20030509 BAZARR CODE NINER PINK TEAM GO GO GO", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0385", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-310", "name" : "DSA-310", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105491469815197&w=2", "name" : "20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0.23:*:woody:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0.18:*:potato:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0386", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0", "name" : "20030605 OpenSSH remote clent address restriction circumvention", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/978316", "name" : "VU#978316", "refsource" : "CERT-VN", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2006-0298.html", "name" : "RHSA-2006:0298", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7831", "name" : "7831", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/21129", "name" : "21129", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", "name" : "20060703-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/21262", "name" : "21262", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm", "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/21724", "name" : "21724", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2006-0698.html", "name" : "RHSA-2006:0698", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/22196", "name" : "22196", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "name" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "name" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/23680", "name" : "23680", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894", "name" : "oval:org.mitre.oval:def:9894", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0388", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/06.16.03.txt", "name" : "http://www.idefense.com/advisory/06.16.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-304.html", "name" : "RHSA-2004:304", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105577915506761&w=2", "name" : "20030616 FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:andrew_morgan:linux_pam:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.77", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0389", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.html", "name" : "20030619 R7-0014: RSA SecurID ACE Agent Cross Site Scripting", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0014.html", "name" : "http://www.rapid7.com/advisories/R7-0014.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rsa:ace_agent:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz", "name" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105121918523320&w=2", "name" : "20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105371246204866&w=2", "name" : "20030523 Re: Options Parsing Tool library buffer overflows.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:james_theiler:opt:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0391", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.magicwinmail.net/changelog.asp", "name" : "http://www.magicwinmail.net/changelog.asp", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105370528428222&w=2", "name" : "20030523 Magic Winmail Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:amax_information_technologies:magic_winmail_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0392", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105372353017778&w=2", "name" : "20030523 ST FTP Service v3.0: directory traversal", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:st:ftp_service:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0393", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7700", "name" : "7700", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105380229532320&w=2", "name" : "20030524 Some problems in Privatefirewall 3.0", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Privacyware Privatefirewall 3.0 does not block certain incoming packets when in \"Filter Internet Traffic\" or Deny Internet Traffic\" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:privacyware:privatefirewall:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7677", "name" : "7677", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105379530927567&w=2", "name" : "20030524 PHP source code injection in BLNews", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blnews:blnews:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0395", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://f0kp.iplus.ru/bz/024.en.txt", "name" : "http://f0kp.iplus.ru/bz/024.en.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105379741528925&w=2", "name" : "20030524 UPB: Discussion Board/Web-Site Takeover", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php_outburst:ultimate_php_board_upb:1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0396", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/exploits/5EP0M1P9PO.html", "name" : "http://www.securiteam.com/exploits/5EP0M1P9PO.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://sourceforge.net/project/shownotes.php?release_id=156242", "name" : "http://sourceforge.net/project/shownotes.php?release_id=156242", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7437", "name" : "7437", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105154433926396&w=2", "name" : "20030428 ATM on Linux Exploit Code Release (les, local)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405560021979&w=2", "name" : "20030524 ATM on linux Exploit(les,local)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11903", "name" : "atmonlinux-les-command-bo(11903)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linux-atm:linux-atm:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0397", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12086.php", "name" : "fastrack-packet-0-bo(12086)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7680", "name" : "7680", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405708923565&w=2", "name" : "20030526 The PACKET 0' DEATH FastTrack network vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka \"Packet 0' death.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sharman_networks:kazaa:v2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0398", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-016-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-016-en.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12077.php", "name" : "vignette-ssi-command-execution(12077)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7685", "name" : "7685", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405734223874&w=2", "name" : "20030526 S21SEC-016 - Vignette SSI Injection", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0399", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-017-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-017-en.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12076.php", "name" : "vignette-save-obtain-information(12076)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7683", "name" : "7683", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405874325673&w=2", "name" : "20030526 S21SEC-017 - Vignette /vgn/legacy/save SQL access", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-02T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-018-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-018-en.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12075.php", "name" : "vignette-memory-leak(12075)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7684", "name" : "7684", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405985126857&w=2", "name" : "20030526 S21SEC-018 - Vignette memory leak AIX Platform", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the \"-->\" string in a CookieName argument to the login template, referred to as a \"memory leak\" in some reports." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0401", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-019-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-019-en.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12074.php", "name" : "vignette-style-info-disclosure(12074)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7688", "name" : "7688", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405793324661&w=2", "name" : "20030526 S21SEC-019 - Vignette /vgn/style internal information leak", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0402", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt", "name" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12073.php", "name" : "vignette-login-account-bruteforce(12073)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7691", "name" : "7691", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405880325755&w=2", "name" : "20030526 S21SEC-020 - Vignette user enumeration", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0403", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-021-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-021-en.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12072.php", "name" : "vignette-license-modification(12072)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7694", "name" : "7694", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405789924612&w=2", "name" : "20030526 S21SEC-021 - Vignette License access and modification", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0404", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-023-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-023-en.txt", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12071.php", "name" : "vignette-multiple-xss(12071)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7687", "name" : "7687", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105406028027360&w=2", "name" : "20030526 S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0405", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s21sec.com/es/avisos/s21sec-024-en.txt", "name" : "http://www.s21sec.com/es/avisos/s21sec-024-en.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12070.php", "name" : "vignette-tcl-code-execution(12070)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7690", "name" : "7690", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7692", "name" : "7692", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405922826197&w=2", "name" : "20030526 S21SEC-024 - Vignette TCL Injection", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0406", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12083.php", "name" : "palmvnc-plaintext-passwords(12083)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7696", "name" : "7696", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405691423389&w=2", "name" : "20030526 PalmVNC 1.40 Insecure Records", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:palmvnc:palmvnc:1.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0407", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12087.php", "name" : "batalla-naval-bo(12087)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7699", "name" : "7699", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405668423102&w=2", "name" : "20030526 [Priv8security_Advisory]_Batalla_Naval_remote_overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:batalla_naval:1.0_4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0408", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12131.php", "name" : "upclient-command-line-bo(12131)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7703", "name" : "7703", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405629622652&w=2", "name" : "20030527 NuxAcid#002 - Buffer Overflow in UpClient", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:the_uptimes_project:upclient:5.0b7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0409", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12107.php", "name" : "webweaver-head-post-bo(12107)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7695", "name" : "7695", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105405836025160&w=2", "name" : "20030527 BRS WebWeaver: POST and HEAD Overflaws", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0410", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0082.html", "name" : "20030526 NII Advisory - Buffer Overflow in Analogx Proxy", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.analogx.com/contents/download/network/proxy.htm", "name" : "http://www.analogx.com/contents/download/network/proxy.htm", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12068.php", "name" : "analogx-proxy-url-bo(12068)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7681", "name" : "7681", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105406759403978&w=2", "name" : "20030526 NII Advisory - Buffer Overflow in Analogx Proxy", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:analogx:proxy:4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0411", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity", "name" : "55221", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml", "name" : "N-103", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12093.php", "name" : "sunone-jsp-source-disclosure(12093)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7709", "name" : "7709", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.spidynamics.com/sunone_alert.html", "name" : "http://www.spidynamics.com/sunone_alert.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1", "name" : "1000610", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2", "name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase \".JSP\" extension instead of the lowercase .jsp extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity", "name" : "55221", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml", "name" : "N-103", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7711", "name" : "7711", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.spidynamics.com/sunone_alert.html", "name" : "http://www.spidynamics.com/sunone_alert.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1", "name" : "1000610", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2", "name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0413", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity", "name" : "55221", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml", "name" : "N-103", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12095.php", "name" : "sunone-http-error-xss(12095)", "refsource" : "XF", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7710", "name" : "7710", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.spidynamics.com/sunone_alert.html", "name" : "http://www.spidynamics.com/sunone_alert.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605", "name" : "57605", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1", "name" : "201009", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1", "name" : "1000610", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2", "name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an \"Invalid JSP file\" error, which inserts the text in the resulting error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0414", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity", "name" : "55221", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml", "name" : "N-103", "refsource" : "CIAC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/12096.php", "name" : "sunone-insecure-file-permissions(12096)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7712", "name" : "7712", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.spidynamics.com/sunone_alert.html", "name" : "http://www.spidynamics.com/sunone_alert.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1", "name" : "1000610", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2", "name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0415", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ytech.co.il/advisories/rpca/rpcaccess.htm", "name" : "http://www.ytech.co.il/advisories/rpca/rpcaccess.htm", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7698", "name" : "7698", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105417988811698&w=2", "name" : "20030528 Remote PC Access Server 2.2 Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:access-remote-pc.com:remote_pc_access:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0416", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12108.php", "name" : "bandmin-index-xss(12108)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7729", "name" : "7729", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105418152212771&w=2", "name" : "20030528 Bandmin 1.4 XSS Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bandmin:bandmin:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0417", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/12103.php", "name" : "sonhserver-pipe-directory-traversal(12103)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7717", "name" : "7717", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105417983711685&w=2", "name" : "20030529 Son hServer v0.2: directory traversal", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via \".|.\" (modified dot-dot) sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:super-m:son_hserver:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-30T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0418", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt", "name" : "http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/471084", "name" : "VU#471084", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105519179005065&w=2", "name" : "20030609 Linux 2.0 remote info leak from too big icmp citation", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0419", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/06.11.03.txt", "name" : "http://www.idefense.com/advisory/06.11.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:smc_networks:barricade_wireless_cable_dsl_broadband_router:smc7004vwbr:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0420", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/JPLA-5NTL8E", "name" : "http://www.kb.cert.org/vuls/id/JPLA-5NTL8E", "refsource" : "MISC", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3165", "name" : "ESB-2003.0415", "refsource" : "AUSCERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7894", "name" : "7894", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9025/", "name" : "9025", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12342", "name" : "macos-dsimportexport-obtain-information(12342)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-13T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0421", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0422", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0423", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0424", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0425", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0426", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a \"Setup Assistant\" page that allows remote attackers to set the administrator password and gain privileges before the real administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0427", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-320", "name" : "DSA-320", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2005-506.html", "name" : "RHSA-2005:506", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A647", "name" : "oval:org.mitre.oval:def:647", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10194", "name" : "oval:org.mitre.oval:def:10194", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miod_vallat:mikmod:3.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0428", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-324", "name" : "DSA-324", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name" : "CSSA-2003-030.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/542540", "name" : "VU#542540", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9007", "name" : "9007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name" : "CLA-2003:662", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A75", "name" : "oval:org.mitre.oval:def:75", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0429", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-324", "name" : "DSA-324", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name" : "CSSA-2003-030.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9007", "name" : "9007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name" : "CLA-2003:662", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A84", "name" : "oval:org.mitre.oval:def:84", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0430", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name" : "CSSA-2003-030.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9007", "name" : "9007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name" : "CLA-2003:662", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88", "name" : "oval:org.mitre.oval:def:88", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0431", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-324", "name" : "DSA-324", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name" : "CSSA-2003-030.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9007", "name" : "9007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name" : "CLA-2003:662", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A101", "name" : "oval:org.mitre.oval:def:101", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0432", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-324", "name" : "DSA-324", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name" : "CSSA-2003-030.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9007", "name" : "9007", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name" : "CLA-2003:662", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name" : "RHSA-2003:077", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106", "name" : "oval:org.mitre.oval:def:106", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0433", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-315", "name" : "DSA-315", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnocatan-develop:gnocatan:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0434", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-196.html", "name" : "RHSA-2003:196", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-197.html", "name" : "RHSA-2003:197", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html", "name" : "20030613 -10Day CERT Advisory on PDF Files", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/200132", "name" : "VU#200132", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9037", "name" : "9037", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9038", "name" : "9038", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071", "name" : "MDKSA-2003:071", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105777963019186&w=2", "name" : "20030709 xpdf vulnerability - CAN-2003-0434", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664", "name" : "oval:org.mitre.oval:def:664", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0435", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-322", "name" : "DSA-322", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105553002105111&w=2", "name" : "20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:typespeed:typespeed:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0436", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7865", "name" : "7865", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html", "name" : "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mnogosearch:mnogosearch:3.1.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0437", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7866", "name" : "7866", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html", "name" : "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mnogosearch:mnogosearch:3.2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0438", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-325", "name" : "DSA-325", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yuuichi_teranishi:eldav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0439", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0440", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-339", "name" : "DSA-339", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-234.html", "name" : "RHSA-2003:234", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-231.html", "name" : "RHSA-2003:231", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A569", "name" : "oval:org.mitre.oval:def:569", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:semi:semi:1.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0441", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-326", "name" : "DSA-326", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7988", "name" : "7988", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12381", "name" : "orvillewrite-variables-bo(12381)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orville-write:orville-write:2.53:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0442", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://shh.thathost.com/secadv/2003-05-11-php.txt", "name" : "http://shh.thathost.com/secadv/2003-05-11-php.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-204.html", "name" : "RHSA-2003:204", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-351", "name" : "DSA-351", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7761", "name" : "7761", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691", "name" : "CLSA-2003:691", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:082", "name" : "MDKSA-2003:082", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt", "name" : "TLSA-2003-47", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-112.shtml", "name" : "N-112", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4758", "name" : "4758", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008653", "name" : "1008653", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105760591228031&w=2", "name" : "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105449314612963&w=2", "name" : "20030530 PHP Trans SID XSS (Was: New php release with security fixes)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12259", "name" : "php-session-id-xss(12259)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485", "name" : "oval:org.mitre.oval:def:485", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0444", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-337", "name" : "DSA-337", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8061", "name" : "8061", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12462", "name" : "gtksee-png-bo(12462)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gtksee:gtksee:0.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gtksee:gtksee:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0445", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-328", "name" : "DSA-328", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0446", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.greymagic.com/adv/gm013-ie/", "name" : "http://security.greymagic.com/adv/gm013-ie/", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html", "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html", "name" : "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7938", "name" : "7938", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3065", "name" : "3065", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9055", "name" : "9055", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105595990924165&w=2", "name" : "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105585986015421&w=2", "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2", "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334", "name" : "ie-msxml-xss(12334)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.greymagic.com/adv/gm014-ie/", "name" : "http://security.greymagic.com/adv/gm014-ie/", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html", "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105585933614773&w=2", "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105585142406147&w=2", "name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)", "refsource" : "NTBUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a \"javascript:\" link to be generated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105588111714856&w=2", "name" : "20030618 Portmon file arbitrary read/write access vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aboleo.net:portmon:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-24T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0449", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105561189625082&w=2", "name" : "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105561134624665&w=2", "name" : "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:database:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0450", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-321", "name" : "DSA-321", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-40.txt", "name" : "TLSA-2003-40", "refsource" : "TURBO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html", "name" : "SuSE-SA:2003:030", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664", "name" : "CLA-2003:664", "refsource" : "CONECTIVA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cistron:radius_daemon:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0451", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-327", "name" : "DSA-327", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xblockout:xbl:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0j", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0452", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-329", "name" : "DSA-329", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long \"file redirections.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gunnar_ritter:osh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.7-10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0453", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-348", "name" : "DSA-348", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105613905425563&w=2", "name" : "20030620 BAZARR FAREWELL", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain \"nprobes\" and \"max_ttl\" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ehud_gavron:traceroute-nanog:6.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0454", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-334", "name" : "DSA-334", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joe_rumsey:xgalaga:2.0.34:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0455", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-331", "name" : "DSA-331", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-494.html", "name" : "RHSA-2004:494", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105786393628728&w=2", "name" : "20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:libmagick_library:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0456", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8075", "name" : "8075", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html", "name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.krusesecurity.dk/advisories/vis0103.txt", "name" : "http://www.krusesecurity.dk/advisories/vis0103.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105733894003737&w=2", "name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483", "name" : "visnetic-website-path-disclosure(12483)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0458", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/advisories/5545", "name" : "SSRT3488", "refsource" : "HP", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8080", "name" : "8080", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d40.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d41.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d42.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d42.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.03:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g01.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g02.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g03.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d45.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d45.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.05:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g05.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d46.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g04.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.03:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.07:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g05.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d47.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.08:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0459", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-235.html", "name" : "RHSA-2003:235", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-236.html", "name" : "RHSA-2003:236", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kde.org/info/security/advisory-20030729-1.txt", "name" : "http://www.kde.org/info/security/advisory-20030729-1.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html", "name" : "20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-45.txt", "name" : "TLSA-2003-45", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-361", "name" : "DSA-361", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747", "name" : "CLA-2003:747", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:079", "name" : "MDKSA-2003:079", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105986238428061&w=2", "name" : "20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411", "name" : "oval:org.mitre.oval:def:411", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the \"user:password@host\" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:3.0.0-10:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:3.1-10:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5:*:i386_sound:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:i386_sound:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.2-11:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:ia64_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:i386_sound_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.1-10:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:ia64_sound_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.0.0-10:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.1.1-5:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.1.1-5:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5:*:i386_sound_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.0.3-8:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.2-11:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:ia64_sound:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0460", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.apache.org/dist/httpd/Announcement.html", "name" : "http://www.apache.org/dist/httpd/Announcement.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/694428", "name" : "VU#694428", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0461", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html", "name" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html", "name" : "RHSA-2004:188", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997", "name" : "oval:org.mitre.oval:def:997", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330", "name" : "oval:org.mitre.oval:def:9330", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304", "name" : "oval:org.mitre.oval:def:304", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0462", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309", "name" : "oval:org.mitre.oval:def:309", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0463", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0464", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311", "name" : "oval:org.mitre.oval:def:311", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0465", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html", "name" : "RHSA-2004:188", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2", "name" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2", "name" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285", "name" : "oval:org.mitre.oval:def:10285", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0466", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8315", "name" : "8315", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html", "name" : "20030731 wu-ftpd fb_realpath() off-by-one bug", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/743092", "name" : "VU#743092", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt", "name" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-245.html", "name" : "RHSA-2003:245", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-246.html", "name" : "RHSA-2003:246", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html", "name" : "SuSE-SA:2003:032", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-357", "name" : "DSA-357", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc", "name" : "NetBSD-SA2003-011.txt.asc", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-46.txt", "name" : "TLSA-2003-46", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01", "name" : "IMNX-2003-7+-019-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6602", "name" : "6602", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007380", "name" : "1007380", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9423", "name" : "9423", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9446", "name" : "9446", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9447", "name" : "9447", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9535", "name" : "9535", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/424852/100/0/threaded", "name" : "20060213 Latest wu-ftpd exploit :-s", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/425061/100/0/threaded", "name" : "20060214 Re: Latest wu-ftpd exploit :-s", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080", "name" : "MDKSA-2003:080", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1", "name" : "1001257", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106001702232325&w=2", "name" : "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105967301604815&w=2", "name" : "20030731 wu-ftpd fb_realpath() off-by-one bug", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106002488209129&w=2", "name" : "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106001410028809&w=2", "name" : "FreeBSD-SA-03:08", "refsource" : "FREEBSD", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785", "name" : "libc-realpath-offbyone-bo(12785)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970", "name" : "oval:org.mitre.oval:def:1970", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0467", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105985703724758&w=2", "name" : "20030802 [SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0468", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-363", "name" : "DSA-363", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html", "name" : "RHSA-2003:251", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html", "name" : "SuSE-SA:2003:033", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8333", "name" : "8333", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9433", "name" : "9433", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717", "name" : "CLA-2003:717", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081", "name" : "MDKSA-2003:081", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2", "name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522", "name" : "oval:org.mitre.oval:def:522", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0469", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html", "name" : "20030625 Re: Internet Explorer >=5.0 : Buffer overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html", "name" : "20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-14.html", "name" : "CA-2003-14", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/823260", "name" : "VU#823260", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8016", "name" : "8016", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105639925122961&w=2", "name" : "20030622 Internet Explorer >=5.0 : Buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023", "name" : "MS03-023", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long \"align\" argument in an HR tag." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html", "name" : "20030622 Symantec ActiveX control buffer overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/527228", "name" : "VU#527228", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8008", "name" : "8008", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007029", "name" : "1007029", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9091", "name" : "9091", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105647537823877&w=2", "name" : "20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12423", "name" : "symantec-security-activex-bo(12423)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the \"RuFSI Utility Class\" ActiveX control (aka \"RuFSI Registry Information Class\"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:security_check:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0471", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8024", "name" : "8024", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2207", "name" : "2207", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105648385900792&w=2", "name" : "20030624 Re: WebAdmin from ALT-N remote exploit PoC", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105647081418155&w=2", "name" : "20030624 Remote Buffer Overrun WebAdmin.exe", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0472", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P", "name" : "20030607-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8027", "name" : "8027", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/8585", "name" : "8585", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12676", "name" : "irix-inetd-portscan-dos(12676)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0473", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P", "name" : "20030607-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8029", "name" : "8029", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/8586", "name" : "8586", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12677", "name" : "irix-snoop-gain-privileges(12677)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0474", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105049794801319&w=2", "name" : "20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105673543626636&w=2", "name" : "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ashley_brown:iweb_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0475", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105640001823769&w=2", "name" : "20030623 TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105673543626636&w=2", "name" : "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences (\"%5c%2e%2e\"), a different vulnerability than CVE-2003-0474." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ashley_brown:iweb_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0476", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-368.html", "name" : "RHSA-2003:368", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-408.html", "name" : "RHSA-2003:408", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name" : "MDKSA-2003:074", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105664924024009&w=2", "name" : "20030626 Linux 2.4.x execve() file read race vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327", "name" : "oval:org.mitre.oval:def:327", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0477", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.wzdftpd.net/changea.html", "name" : "http://www.wzdftpd.net/changea.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105674242105302&w=2", "name" : "20030627 wzdftpd remote DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wzdftpd:wzdftpd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.1_rc4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0478", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105665996104723&w=2", "name" : "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105673555726823&w=2", "name" : "20030627 Bahamut DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105673489525906&w=2", "name" : "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hans_westerhof:digatech:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wenet:ircd-ru:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andromede:adromedeircd:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daniel_moss:methane:0.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:bahamut:ircd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4.35", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0479", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105673452325230&w=2", "name" : "20030627 WebBBS Guestbook : Cross Site Scripting", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:affordable_web_space_design:affordable_web_space_design_webbbs:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0480", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019", "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105673688529147&w=2", "name" : "20030627 VMware Workstation 4.0: Possible privilege escalation on the host", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via \"symlink manipulation.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.7 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0481", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2", "name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gero_kohnert:tutos:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0482", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2", "name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gero_kohnert:tutos:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0483", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105638720409307&w=2", "name" : "20030623 Many XSS Vulnerabilities in XMB Forum.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "name" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2021-04-29T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0484", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105639883722514&w=2", "name" : "20030621 XSS Exploit In phpBB viewtopic.php", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0485", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7997", "name" : "7997", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105613243117155&w=2", "name" : "20030620 SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:4gl_compiler:9.1:d06:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0486", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=112052", "name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=112052", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7979", "name" : "7979", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105607263130644&w=2", "name" : "20030619 phpBB password disclosure by sql injection", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366", "name" : "phpbb-viewtopic-sql-injection(12366)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0487", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", "name" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7967", "name" : "7967", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105596982503760&w=2", "name" : "20030618 Multiple buffer overflows and XSS in Kerio MailServer", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12368", "name" : "kerio-multiple-modules-bo(12368)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0488", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", "name" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7966", "name" : "7966", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7968", "name" : "7968", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105596982503760&w=2", "name" : "20030618 Multiple buffer overflows and XSS in Kerio MailServer", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12367", "name" : "kerio-multiple-modules-xss(12367)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0489", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-330", "name" : "DSA-330", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_c._toren:tcptraceroute:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0490", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105579526026992&w=2", "name" : "20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dantz:retrospect_client:5.0.540:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0491", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2", "name" : "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mytutorials:tutorials:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0492", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7922", "name" : "7922", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2", "name" : "20030616 Multiple Vulnerabilities In Snitz Forums", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12325", "name" : "snitz-search-xss(12325)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0493", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7924", "name" : "7924", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2", "name" : "20030616 Multiple Vulnerabilities In Snitz Forums", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0494", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7925", "name" : "7925", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2", "name" : "20030616 Multiple Vulnerabilities In Snitz Forums", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12326", "name" : "snitz-forums-password-reset(12326)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0495", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7920", "name" : "7920", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105578330812212&w=2", "name" : "20030615 XSS Vulnerability in LedNews (CGI/Perl) v0.7", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12304", "name" : "lednews-message-xss(12304)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ledscripts.com:lednews:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0496", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a070803-1.txt", "name" : "A070803-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0013.html", "name" : "20030709 Pipe Filename Local Privilege Escalation FAQ", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105820282607865&w=2", "name" : "20030714 @stake named pipe exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105830986720243&w=2", "name" : "20030715 CreateFile exploit, (working)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0497", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7", "name" : "20030701 Caché Insecure Installation File and Directory Permissions", "refsource" : "IDEFENSE", "tags" : [ ] }, { "url" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/", "name" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2020-02-10T21:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0498", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7", "name" : "20030701 Caché Insecure Installation File and Directory Permissions", "refsource" : "IDEFENSE", "tags" : [ ] }, { "url" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/", "name" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2020-02-10T21:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0499", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.debian.org/security/2003/dsa-335", "name" : "DSA-335", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-12-08T02:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0500", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-338", "name" : "DSA-338", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html", "name" : "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0501", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105621758104242", "name" : "20030620 Linux /proc sensitive information disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328", "name" : "oval:org.mitre.oval:def:328", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0502", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html", "name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.rapid7.com/advisories/R7-0015.html", "name" : "http://www.rapid7.com/advisories/R7-0015.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.1.3g", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2011-03-08T02:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0503", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html", "name" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105725489003575&w=2", "name" : "20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105724538222772&w=2", "name" : "20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow", "refsource" : "NTBUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0504", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.security-corporation.com/articles-20030702-005.html", "name" : "http://www.security-corporation.com/articles-20030702-005.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-365", "name" : "DSA-365", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000697", "name" : "CLA-2003:697", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:077", "name" : "MDKSA-2003:077", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105718361607981&w=2", "name" : "20030702 [KSA-003] Cross Site Scripting Vulnerability in Phpgroupware", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0505", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7931", "name" : "7931", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2", "name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via \"..\\..\" (dot dot) sequences in a file transfer request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0506", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2", "name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0507", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.microsoft.com/default.aspx?kbid=319709", "name" : "Q319709", "refsource" : "MSKB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/594108", "name" : "VU#594108", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7930", "name" : "7930", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9171", "name" : "9171", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105716669921775&w=2", "name" : "20030702 CORE-2003-0305-03: Active Directory Stack Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) \"AND,\" (2) \"OR,\" and possibly other statements, which causes LSASS.EXE to crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0508", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105785749721291&w=2", "name" : "20030709 Acroread 5.0.7 buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105709569312583&w=2", "name" : "20030701 [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0509", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/14101", "name" : "14101", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/14103", "name" : "14103", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/14112", "name" : "14112", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/10098", "name" : "10098", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/10099", "name" : "10099", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/10100", "name" : "10100", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007092", "name" : "1007092", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9165", "name" : "9165", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105709450711395&w=2", "name" : "20030701 CyberStrong Shopping Cart - Advisory & Exploit Code", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12485", "name" : "cyberstrongeshop-multiple-sql-injection(12485)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0510", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://druglord.freelsd.org/ezbounce/", "name" : "http://druglord.freelsd.org/ezbounce/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105709355110281&w=2", "name" : "20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the \"sessions\" command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.46:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-07T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0511", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html", "name" : "20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm", "name" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml", "name" : "20030728 HTTP GET Vulnerability in AP1x00", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834", "name" : "oval:org.mitre.oval:def:5834", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(4\\)ja:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(4\\)ja1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)ja:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(8\\)ja:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0512", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html", "name" : "20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm", "name" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml", "name" : "20030724 Enumerating Locally Defined Users in Cisco IOS", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/886796", "name" : "VU#886796", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824", "name" : "oval:org.mitre.oval:def:5824", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IOS 12.2 and earlier generates a \"% Login invalid\" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(14.5\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(15\\)zn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)ja1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(14.5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(24\\)s1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(24.2\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(16.1\\)b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(15.1\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(16\\)b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0513", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0514", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0515", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-347", "name" : "DSA-347", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teapop:teapop:0.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teapop:teapop:0.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0516", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz", "name" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.28", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0517", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz", "name" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.28", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0518", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0034.html", "name" : "20030704 MacOSX - crash screensaver locked with password and get the desktop back", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0187.html", "name" : "20030715 FIXED: MacOSX - crash screensaver locked with password and get thedesktop back", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=120232", "name" : "http://docs.info.apple.com/article.html?artnum=120232", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0519", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006286.html", "name" : "20030707 Internet Explorer 6 DoS Bug", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\\aux (MS-DOS device name) and possibly other devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0520", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8107", "name" : "8107", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105735714318026&w=2", "name" : "20030704 Trillian Remote DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the \"TypingUser\" string has been modified." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0521", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105760556627616&w=2", "name" : "20030706 cPanel Malicious HTML Tags Injection Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0522", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105733145930031&w=2", "name" : "20030704 Another ProductCart SQL Injection Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105760660928715&w=2", "name" : "20030705 Re: Another ProductCart SQL Injection Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0523", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105761696706800&w=2", "name" : "20030705 ProductCart XSS Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0524", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105769387706906&w=2", "name" : "20030708 Qt temporary files race condition in Knoppix 3.1", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:knoppix:knoppix:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.2 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0525", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a072303-1.txt", "name" : "A072303-1", "refsource" : "ATSTAKE", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12701", "name" : "winnt-file-management-dos(12701)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A319", "name" : "oval:org.mitre.oval:def:319", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-029", "name" : "MS03-029", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0526", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html", "name" : "20030716 ISA Server - Error Page Cross Site Scripting", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html", "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://pivx.com/larholm/adv/TL006", "name" : "http://pivx.com/larholm/adv/TL006", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105838862201266&w=2", "name" : "20030716 ISA Server - Error Page Cross Site Scripting", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105838519729525&w=2", "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2", "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117", "name" : "oval:org.mitre.oval:def:117", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028", "name" : "MS03-028", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0528", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-23.html", "name" : "CA-2003-23", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html", "name" : "20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.nsfocus.com/english/homepage/research/0306.htm", "name" : "http://www.nsfocus.com/english/homepage/research/0306.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/254236", "name" : "VU#254236", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106407417011430&w=2", "name" : "20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3966", "name" : "oval:org.mitre.oval:def:3966", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2968", "name" : "oval:org.mitre.oval:def:2968", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2884", "name" : "oval:org.mitre.oval:def:2884", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127", "name" : "oval:org.mitre.oval:def:127", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039", "name" : "MS03-039", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0530", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8454", "name" : "8454", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-22.html", "name" : "CA-2003-22", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/548964", "name" : "VU#548964", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1007538", "name" : "1007538", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9580", "name" : "9580", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962", "name" : "ie-br549-activex-bo(12962)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032", "name" : "MS03-032", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0531", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8457", "name" : "8457", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html", "name" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-22.html", "name" : "CA-2003-22", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/205148", "name" : "VU#205148", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9580", "name" : "9580", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961", "name" : "ie-cache-script-injection(12961)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032", "name" : "MS03-032", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0532", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html", "name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/865940", "name" : "VU#865940", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html", "name" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106149026621753&w=2", "name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032", "name" : "MS03-032", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0533", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/753212", "name" : "VU#753212", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html", "name" : "20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.eeye.com/html/Research/Advisories/AD20040413C.html", "name" : "AD20040413C", "refsource" : "EEYE", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10108", "name" : "10108", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108325860431471&w=2", "name" : "20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15699", "name" : "win-lsass-bo(15699)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919", "name" : "oval:org.mitre.oval:def:919", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898", "name" : "oval:org.mitre.oval:def:898", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883", "name" : "oval:org.mitre.oval:def:883", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0535", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-345", "name" : "DSA-345", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006386.html", "name" : "20030708 Fwd: xbl vulnerabilty", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.0i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.0k:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0536", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-346", "name" : "DSA-346", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015", "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105128606513226&w=2", "name" : "20030425 Unauthorized reading files on phpSysInfo", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0537", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-341", "name" : "DSA-341", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daiki_ueno:liece_emacs_irc_client:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0_0.2003-05-27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0538", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-342", "name" : "DSA-342", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozart:mozart:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozart:mozart:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0539", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-343", "name" : "DSA-343", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-242.html", "name" : "RHSA-2003:242", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28", "name" : "oval:org.mitre.oval:def:28", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.3.2:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.3.5:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:skk:skk:10.62a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-10:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-6:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-8:*:noarch:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10:*:noarch:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0540", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html", "name" : "RHSA-2003:251", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-363", "name" : "DSA-363", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html", "name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html", "name" : "SuSE-SA:2003:033", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717", "name" : "CLA-2003:717", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html", "name" : "ESA-20030804-019", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/895508", "name" : "VU#895508", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8333", "name" : "8333", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9433", "name" : "9433", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081", "name" : "MDKSA-2003:081", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106029188614704&w=2", "name" : "2003-0029", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2", "name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A544", "name" : "oval:org.mitre.oval:def:544", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the \".!\" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a \".!\" string, which causes an instance of the SMTP listener to lock up." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0541", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-264.html", "name" : "RHSA-2003:264", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2005/dsa-710", "name" : "DSA-710", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737", "name" : "CLA-2003:737", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:093", "name" : "MDKSA-2003:093", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148", "name" : "oval:org.mitre.oval:def:148", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0542", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8911", "name" : "8911", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-015.html", "name" : "RHSA-2004:015", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://httpd.apache.org/dist/httpd/Announcement2.html", "name" : "http://httpd.apache.org/dist/httpd/Announcement2.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/342674", "name" : "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/6079", "name" : "HPSBUX0311-301", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103", "name" : "MDKSA-2003:103", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html", "name" : "RHSA-2003:320", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-360.html", "name" : "RHSA-2003:360", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-405.html", "name" : "RHSA-2003:405", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt", "name" : "SCOSA-2004.6", "refsource" : "SCO", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc", "name" : "20031203-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/434566", "name" : "VU#434566", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/549142", "name" : "VU#549142", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10096", "name" : "10096", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10098", "name" : "10098", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10102", "name" : "10102", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10112", "name" : "10112", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10114", "name" : "10114", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10153", "name" : "10153", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10260", "name" : "10260", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10264", "name" : "10264", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10463", "name" : "10463", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9504", "name" : "9504", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html", "name" : "RHSA-2005:816", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1", "name" : "101444", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1", "name" : "101841", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html", "name" : "APPLE-SA-2004-01-26", "refsource" : "APPLE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10580", "name" : "10580", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10593", "name" : "10593", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "name" : "SSRT090208", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2", "name" : "20031031 GLSA: apache (200310-04)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400", "name" : "apache-modalias-modrewrite-bo(13400)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458", "name" : "oval:org.mitre.oval:def:9458", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864", "name" : "oval:org.mitre.oval:def:864", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863", "name" : "oval:org.mitre.oval:def:863", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799", "name" : "oval:org.mitre.oval:def:3799", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0543", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-291.html", "name" : "RHSA-2003:291", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html", "name" : "RHSA-2003:292", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html", "name" : "ESA-20030930-027", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-393", "name" : "DSA-393", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-394", "name" : "DSA-394", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-26.html", "name" : "CA-2003-26", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/255484", "name" : "VU#255484", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/22249", "name" : "22249", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8732", "name" : "8732", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1", "name" : "201029", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2006/3900", "name" : "ADV-2006-3900", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292", "name" : "oval:org.mitre.oval:def:5292", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254", "name" : "oval:org.mitre.oval:def:4254", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-291.html", "name" : "RHSA-2003:291", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html", "name" : "RHSA-2003:292", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html", "name" : "ESA-20030930-027", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-393", "name" : "DSA-393", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-394", "name" : "DSA-394", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-26.html", "name" : "CA-2003-26", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/380864", "name" : "VU#380864", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/22249", "name" : "22249", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8732", "name" : "8732", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1", "name" : "201029", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2006/3900", "name" : "ADV-2006-3900", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041", "name" : "openssl-asn1-sslclient-dos(43041)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574", "name" : "oval:org.mitre.oval:def:4574", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0545", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html", "name" : "RHSA-2003:292", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-394", "name" : "DSA-394", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-26.html", "name" : "CA-2003-26", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/935264", "name" : "VU#935264", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/22249", "name" : "22249", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8732", "name" : "8732", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2006/3900", "name" : "ADV-2006-3900", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590", "name" : "oval:org.mitre.oval:def:2590", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0546", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106036724315539&w=2", "name" : "RHSA-2003:255", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631", "name" : "oval:org.mitre.oval:def:631", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386_gnome:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386_gnome:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0547", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html", "name" : "RHSA-2003:258", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729", "name" : "CLA-2003:729", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106194792924122&w=2", "name" : "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112", "name" : "oval:org.mitre.oval:def:112", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0548", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html", "name" : "RHSA-2003:258", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-259.html", "name" : "RHSA-2003:259", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729", "name" : "CLA-2003:729", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113", "name" : "oval:org.mitre.oval:def:113", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0549", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html", "name" : "RHSA-2003:258", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-259.html", "name" : "RHSA-2003:259", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729", "name" : "CLA-2003:729", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129", "name" : "oval:org.mitre.oval:def:129", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0550", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380", "name" : "oval:org.mitre.oval:def:380", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0551", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Exploit" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384", "name" : "oval:org.mitre.oval:def:384", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0552", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385", "name" : "oval:org.mitre.oval:def:385", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0553", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf", "name" : "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105820193406838&w=2", "name" : "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0554", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006505.html", "name" : "20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105820316708258&w=2", "name" : "20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:neomodus:direct_connect:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0555", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105820576111599&w=2", "name" : "20030714 ImageMagick's Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a \"%x\" filename, possibly triggering a format string vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:5.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0556", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html", "name" : "20030712 DoS - Polycom MGC 25 Control Port", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105804648003163&w=2", "name" : "20030712 DoS - Polycom MGC 25 Control Port", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of \"user\" requests to the control port 5003, as demonstrated using the blast TCP stress tester." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:polycom:mgc-25:5.51.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:polycom:mgc-25:5.51.211:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:polycom:mgc-100:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:polycom:mgc-50:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0557", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105804683203384&w=2", "name" : "20030712 ZH2003-3SA (security advisory): Storefront sql injection: users", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lagarde:storefront:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0558", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105795219412333&w=2", "name" : "20030711 LeapFTP remote buffer overflow exploit", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leapware:leapftp:2.7.3.600:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0559", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105787021803729&w=2", "name" : "20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpforum:phpforum:2.0_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0560", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8159", "name" : "8159", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105733277731084&w=2", "name" : "20030704 VPASP SQL Injection Vulnerability & Exploit CODE", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:virtual_programming:vp-asp:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0561", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html", "name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105769805311484&w=2", "name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iglooftp:iglooftp_pro:3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0562", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0041.html", "name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.protego.dk/advisories/200301.html", "name" : "http://www.protego.dk/advisories/200301.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://support.novell.com/servlet/tidfinder/2966549", "name" : "http://support.novell.com/servlet/tidfinder/2966549", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/185593", "name" : "VU#185593", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105897561229347&w=2", "name" : "20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105897724931665&w=2", "name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:sp6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0564", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm", "name" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/428230", "name" : "VU#428230", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8981", "name" : "8981", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-110.html", "name" : "RHSA-2004:110", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html", "name" : "RHSA-2004:112", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc", "name" : "20040402-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", "name" : "MDKSA-2004:021", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108448379429944&w=2", "name" : "SSRT4722", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2", "name" : "FLSA:2089", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13603", "name" : "smime-asn1-bo(13603)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A914", "name" : "oval:org.mitre.oval:def:914", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A872", "name" : "oval:org.mitre.oval:def:872", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11462", "name" : "oval:org.mitre.oval:def:11462", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hitachi:groupmax_mail_-_security_option:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hitachi:pki_runtime_library:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0565", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm", "name" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/927278", "name" : "VU#927278", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2005-10-20T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0567", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-15.html", "name" : "CA-2003-15", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-17.html", "name" : "CA-2003-17", "refsource" : "CERT", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html", "name" : "20030718 (no subject)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml", "name" : "20030717 IOS Interface Blocked by IPv4 Packet", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/411332", "name" : "VU#411332", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603", "name" : "oval:org.mitre.oval:def:5603", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2sa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ex:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2p:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ey:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bz:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ax:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ev:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1eb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ay:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ew:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ja:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ys:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xz:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ym:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2da:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yo:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1cc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ca:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2cy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ze:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yp:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sz:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2dx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2cx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yz:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yx:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yv:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yu:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:ons_15454_optical_transport_platform:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0568", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0569", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0570", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0571", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0572", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P", "name" : "20030701-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/8587", "name" : "8587", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12635", "name" : "irix-nsd-map-dos(12635)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0573", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P", "name" : "20030701-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0574", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030702-01-P", "name" : "20030702-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0575", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8304", "name" : "8304", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030704-01-P", "name" : "20030704-01-P", "refsource" : "SGI", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/682900", "name" : "VU#682900", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-130.shtml", "name" : "N-130", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2337", "name" : "2337", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9390", "name" : "9390", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105958240709302&w=2", "name" : "20030730 [LSD] IRIX nsd remote buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12763", "name" : "irix-authunix-nsd-bo(12763)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0576", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-01-P", "name" : "20030801-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-02-P", "name" : "20030801-02-P", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0577", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6629", "name" : "6629", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/306903", "name" : "20030116 Re[2]: Local/remote mpg123 exploit", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695", "name" : "CLA-2003:695", "refsource" : "CONECTIVA", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt", "name" : "CSSA-2004-002.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:078", "name" : "MDKSA-2003:078", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7875", "name" : "7875", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0578", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html", "name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105839150004682&w=2", "name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.0.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0579", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0026.html", "name" : "20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105838948002337&w=2", "name" : "20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.0.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0580", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0028.html", "name" : "20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105839042603476&w=2", "name" : "20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.0.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0581", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-360", "name" : "DSA-360", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105829691405446&w=2", "name" : "20030714 xfstt-1.4 vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0582", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0583", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105846288808846&w=2", "name" : "20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tolis_group:bru:*:*:*:*:*:*:*:*", "versionEndIncluding" : "17.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0584", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105846288808846&w=2", "name" : "20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tolis_group:bru:*:*:*:*:*:*:*:*", "versionEndIncluding" : "17.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0585", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2", "name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brooky:estore:1.0.2b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0586", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2", "name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brooky:estore:1.0.2b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0587", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105839276105934&w=2", "name" : "20030716 Changing UBB cookie allows account hijack", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the \"displayed name\" attribute of the \"ubber\" cookie." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infopop:ultimate_bulletin_board:6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0588", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105839007002993&w=2", "name" : "20030716 Digi-news and Digi-ads version 1.1 admin access without password", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0589", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105839007002993&w=2", "name" : "20030716 Digi-news and Digi-ads version 1.1 admin access without password", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0590", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://members.fortunecity.it/lethalman2002/bugs/splatt.html", "name" : "http://members.fortunecity.it/lethalman2002/bugs/splatt.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105830019209609&w=2", "name" : "20030715 Splatt Forum html injection code in post icon", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:splatt:splatt_forum:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:C/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-18T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0591", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0592", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-459", "name" : "DSA-459", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-074.html", "name" : "RHSA-2004:074", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:022", "name" : "MDKSA-2004:022", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823", "name" : "oval:org.mitre.oval:def:823", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0593", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "FULLDISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Opera allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0:*:mac:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0594", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html", "name" : "RHSA-2004:112", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", "name" : "MDKSA-2004:021", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", "name" : "oval:org.mitre.oval:def:9826", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", "name" : "oval:org.mitre.oval:def:917", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", "name" : "oval:org.mitre.oval:def:873", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0595", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0038.html", "name" : "20030718 Witango & Tango 2000 Application Server Remote System Buffer Overrun", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:witango:tango_server:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:witango:witango_server:5.0.1.061:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0596", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2003/dsa-352", "name" : "DSA-352", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fdclone:fdclone:2.00a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-12-08T02:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0597", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105889063714201&w=2", "name" : "CSSA-2003-SCO-11", "refsource" : "SCO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0598", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0599", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-365", "name" : "DSA-365", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html", "name" : "http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.phpgroupware.org", "name" : "http://www.phpgroupware.org", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.14.004", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16prerc:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0601", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=25631", "name" : "http://docs.info.apple.com/article.html?artnum=25631", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8266", "name" : "8266", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12728", "name" : "macos-workgroup-gain-access(12728)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0602", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6861", "name" : "6861", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6868", "name" : "6868", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.bugzilla.org/security/2.16.2/", "name" : "http://www.bugzilla.org/security/2.16.2/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653", "name" : "CLA-2003:653", "refsource" : "CONECTIVA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0603", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7412", "name" : "7412", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653", "name" : "CLA-2003:653", "refsource" : "CONECTIVA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.bugzilla.org/security/2.16.2/", "name" : "http://www.bugzilla.org/security/2.16.2/", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0604", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.pivx.com/larholm/unpatched/", "name" : "http://www.pivx.com/larholm/unpatched/", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2", "name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105899261818572&w=2", "name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105906867322856&w=2", "name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2", "name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://www.malware.com/once.again!.html", "name" : "http://www.malware.com/once.again!.html", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-08-13T21:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0605", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006851.html", "name" : "20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-19.html", "name" : "CA-2003-19", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-23.html", "name" : "CA-2003-23", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/326746", "name" : "VU#326746", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105880332428706&w=2", "name" : "20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A494", "name" : "oval:org.mitre.oval:def:494", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1118", "name" : "oval:org.mitre.oval:def:1118", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039", "name" : "MS03-039", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0606", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-353", "name" : "DSA-353", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sup:sup:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvsup:cvsup-mirror:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0607", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-354", "name" : "DSA-354", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8307", "name" : "8307", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12765", "name" : "xconq-user-display-bo(12765)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in xconq 7.4.1 allows local users to become part of the \"games\" group via the (1) USER or (2) DISPLAY environment variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stanley_t._shebs:xconq:7.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0609", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/07.29.03.txt", "name" : "20030729 Buffer Overflow in Sun Solaris Runtime Linker", "refsource" : "IDEFENSE", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680", "name" : "55680", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.osvdb.org/8722", "name" : "8722", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105951760418667&w=2", "name" : "20030729 Solaris ld.so.1 buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12755", "name" : "sun-ldso1-ldpreload-bo(12755)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601", "name" : "oval:org.mitre.oval:def:3601", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0610", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0611", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8312", "name" : "8312", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-356", "name" : "DSA-356", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xtokkaetama:xtokkaetama:1.0_b6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0612", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/9577/", "name" : "9577", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt", "name" : "http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9893", "name" : "9893", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1009393", "name" : "1009393", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1009398", "name" : "1009398", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/357601", "name" : "20040315 Crafty Game Stack Overflow & Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15501", "name" : "crafty-command-line-bo(15501)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13017", "name" : "crafty-long-argument-bo(13017)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group \"games\" privileges via long command line arguments to crafty.bin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:robert_hyatt:crafty:19.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0613", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-369", "name" : "DSA-369", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zblast:zblast:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0614", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-355", "name" : "DSA-355", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0", "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/330676", "name" : "20030727 Gallery XSS security advisory (with fix and patch instructions)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252092421469&w=2", "name" : "20030902 GLSA: gallery (200309-06)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/348641/30/21790/threaded", "name" : "20040101 Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.1_p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0615", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8231", "name" : "8231", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-256.html", "name" : "RHSA-2003:256", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/246409", "name" : "VU#246409", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084", "name" : "MDKSA-2003:084", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007234", "name" : "1007234", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/13638", "name" : "13638", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713", "name" : "CLA-2003:713", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1", "name" : "101426", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-155.shtml", "name" : "N-155", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-371", "name" : "DSA-371", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105880349328877&w=2", "name" : "20030720 CGI.pm vulnerable to Cross-site Scripting", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106018783704468&w=2", "name" : "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=full-disclosure&m=105875211018698&w=2", "name" : "20030720 CGI.pm vulnerable to Cross-site Scripting.", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669", "name" : "cgi-startform-xss(12669)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470", "name" : "oval:org.mitre.oval:def:470", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307", "name" : "oval:org.mitre.oval:def:307", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0616", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt", "name" : "A073103-1", "refsource" : "ATSTAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2013-07-23T05:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0617", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-362", "name" : "DSA-362", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252097421549&w=2", "name" : "20030902 GLSA: mindi (200309-05)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hugo_rabson:mindi:0.58_r5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0618", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-431", "name" : "DSA-431", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9543", "name" : "9543", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15012", "name" : "suidperl-obtain-information(15012)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perl:suidperl:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-05-04T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0619", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-358", "name" : "DSA-358", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105950927708272&w=2", "name" : "20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386", "name" : "oval:org.mitre.oval:def:386", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0620", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-364", "name" : "DSA-364", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105960276803617&w=2", "name" : "20030730 Re: man-db[] multiple(4) vulnerabilities.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105951284512898&w=2", "name" : "20030729 man-db[] multiple(4) vulnerabilities.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0621", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8931", "name" : "8931", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2", "name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559", "name" : "bea-tuxedo-file-disclosure(13559)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0622", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8931", "name" : "8931", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2", "name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560", "name" : "bea-tuxedo-device-dos(13560)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0623", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8931", "name" : "8931", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2", "name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561", "name" : "bea-tuxedo-filename-xss(13561)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0624", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8938", "name" : "8938", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106761926906781&w=2", "name" : "20031031 Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13568", "name" : "bea-weblogic-interactivequery-xss(13568)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "8.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0625", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8255", "name" : "8255", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-360", "name" : "DSA-360", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://developer.berlios.de/forum/forum.php?forum_id=2819", "name" : "http://developer.berlios.de/forum/forum.php?forum_id=2819", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105941103709264&w=2", "name" : "20030727 [PAPER]: Address relay fingerprinting.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0626", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html", "name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", "refsource" : "FULLDISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html", "name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3610", "name" : "ESB-2003.0786", "refsource" : "AUSCERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9037", "name" : "9037", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.secunia.com/advisories/10225/", "name" : "10225", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754", "name" : "peoplesoft-searchcgi-directory-traversal(13754)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-13T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0627", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html", "name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html", "name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9038", "name" : "9038", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.secunia.com/advisories/10225/", "name" : "10225", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754", "name" : "peoplesoft-searchcgi-directory-traversal(13754)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0628", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106874146204158&w=2", "name" : "20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0629", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106874146204158&w=2", "name" : "20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0630", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-359", "name" : "DSA-359", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252128221901&w=2", "name" : "20030902 GLSA: atari800 (200309-07)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.1_pre0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0631", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039", "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105899875225268&w=2", "name" : "20030723 VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0632", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105906721920776&w=2", "name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:applications:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:applications:10.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0633", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8268", "name" : "8268", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105906689120237&w=2", "name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:applications:10.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:applications:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0634", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8267", "name" : "8267", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html", "name" : "20030912 Update to the Oracle EXTPROC advisory", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/936868", "name" : "VU#936868", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105916455814904&w=2", "name" : "20030725 question about oracle advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=105915485303327&w=2", "name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105914979629857&w=2", "name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721", "name" : "oracle-extproc-bo(12721)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0635", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2", "name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0636", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0637", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0638", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2", "name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105492847631711&w=2", "name" : "20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a \"special script against login.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0639", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2", "name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0640", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secunia.com/advisories/9232/", "name" : "9232", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0641", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8222", "name" : "8222", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/6578", "name" : "6578", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9310", "name" : "9310", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2", "name" : "20030717 Bypassing ServerLock protection on Windows 2000", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12665", "name" : "serverlock-openprocess-load-module(12665)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0642", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8223", "name" : "8223", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9310", "name" : "9310", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2", "name" : "20030717 Bypassing ServerLock protection on Windows 2000", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666", "name" : "serverlock-physicalmemory-symlink(12666)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0643", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml", "name" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch", "name" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog", "name" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog", "name" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch", "name" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/23265", "name" : "23265", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:pre10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-25T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0644", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2", "name" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html", "name" : "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)", "refsource" : "MLIST", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2005-416.html", "name" : "RHSA-2005:416", "refsource" : "REDHAT", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-07T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0645", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-364", "name" : "DSA-364", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8352", "name" : "8352", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106018504800341&w=2", "name" : "20030806 man-db[v2.4.1-]: open_cat_stream() privileged call exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12848", "name" : "mandb-opencatstream-gain-privileges(12848)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0646", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html", "name" : "20030711 Trend Micro ActiveX Multiple Overflows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274", "name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:damage_cleanup_server:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:housecall:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:housecall:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0647", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml", "name" : "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/579324", "name" : "VU#579324", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "versionEndIncluding" : "12.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0648", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-472", "name" : "DSA-472", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1009655", "name" : "1009655", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1009656", "name" : "1009656", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10041", "name" : "10041", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11290", "name" : "11290", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/354838", "name" : "VU#354838", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/900964", "name" : "VU#900964", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15726", "name" : "ftetexteditor-vfte-bo(15726)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fte:fte_text_editor:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-05-04T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0649", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-368", "name" : "DSA-368", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:053", "name" : "MDKSA-2004:053", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xpcd:xpcd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.08", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0650", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8309", "name" : "8309", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0064.html", "name" : "20030730 GameSpy Arcade Arbitrary File Writing Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.gamespyarcade.com/features/versions.shtml", "name" : "http://www.gamespyarcade.com/features/versions.shtml", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105958779017085&w=2", "name" : "20030730 GameSpy Arcade Arbitrary File Writing Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:arcade:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3e", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0651", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8287", "name" : "8287", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0355.html", "name" : "20030728 Remotely exploitable overflow in mod_mylo for Apache", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0652", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-367", "name" : "DSA-367", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106001473329625&w=2", "name" : "20030803 xtokkaetama[v1.0b+]: (missed) buffer overflow exploit.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xtokkaetama:xtokkaetama:1.0_b6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0653", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-010.txt.asc", "name" : "NetBSD-SA2003-010", "refsource" : "NETBSD", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required \"PKTHDR\" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0654", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-373", "name" : "DSA-373", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autorespond:autorespond:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0655", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105978381618095&w=2", "name" : "20030801 SRT2003-08-01-0126 - cdrtools local root exploit", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cdrtools:cdrtools:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cdrtools:cdrtools:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0656", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-366", "name" : "DSA-366", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:083", "name" : "MDKSA-2003:083", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252649028401&w=2", "name" : "20030902 GLSA: eroaster (200309-04)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0657", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-365", "name" : "DSA-365", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0658", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caldera:openserver:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0659", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/967668", "name" : "VU#967668", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8827", "name" : "8827", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106631999907035&w=2", "name" : "20031016 Listbox And Combobox Control Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106632111408343&w=2", "name" : "20031016 Listbox And Combobox Control Buffer Overflow", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13424", "name" : "win-user32-control-bo(13424)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340", "name" : "oval:org.mitre.oval:def:340", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201", "name" : "oval:org.mitre.oval:def:201", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-045", "name" : "MS03-045", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0660", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/838572", "name" : "VU#838572", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8830", "name" : "8830", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13422", "name" : "win-authenticode-code-execution(13422)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198", "name" : "oval:org.mitre.oval:def:198", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185", "name" : "oval:org.mitre.oval:def:185", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041", "name" : "MS03-041", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0661", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/989932", "name" : "VU#989932", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3483", "name" : "oval:org.mitre.oval:def:3483", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-034", "name" : "MS03-034", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0662", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/989932", "name" : "VU#989932", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html", "name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8833", "name" : "8833", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html", "name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106632192709608&w=2", "name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13423", "name" : "win2k-local-troubleshooter-bo(13423)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237", "name" : "oval:org.mitre.oval:def:237", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042", "name" : "MS03-042", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0663", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/639428", "name" : "VU#639428", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10114", "name" : "10114", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15700", "name" : "win2k-lsass-ldap-dos(15700)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1016", "name" : "oval:org.mitre.oval:def:1016", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0664", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A188", "name" : "oval:org.mitre.oval:def:188", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-035", "name" : "MS03-035", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0665", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/992132", "name" : "VU#992132", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9668", "name" : "9668", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8536", "name" : "8536", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-038", "name" : "MS03-038", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0666", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0092.html", "name" : "20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106261952827573&w=2", "name" : "20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106279971612961&w=2", "name" : "20030905 Microsoft WordPerfect Document Converter Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-036", "name" : "MS03-036", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:wordperfect_converter:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0669", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353", "name" : "47353", "refsource" : "SUNALERT", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561", "name" : "oval:org.mitre.oval:def:4561", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via \"a rare race condition\" or an attack by local users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0670", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a080703-1.txt", "name" : "A080703-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sustainable_softworks:ipnetsentryx:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sustainable_softworks:ipnetmonitorx:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0671", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a080703-1.txt", "name" : "A080703-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a080703-2.txt", "name" : "A080703-2", "refsource" : "ATSTAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0672", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-370", "name" : "DSA-370", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leon_j_breedt:pam-pgsql:0.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leon_j_breedt:pam-pgsql:0.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0676", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106036588613929&w=2", "name" : "20030808 Directory Traversal in Sun iPlanet Administration Server 5.1", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via \"..%2f\" (partially encoded dot dot) sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0_sp2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0677", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/332284", "name" : "20030807 Cisco CSS 11000 Series DoS", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0073.html", "name" : "20030807 Cisco CSS 11000 Series DoS", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0079.html", "name" : "20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka \"ONDM Ping failure.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:webns:5.0_0.038s:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0678", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0679", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030802-01-P", "name" : "20030802-01-P", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.5.21f", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0680", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030901-01-P", "name" : "20030901-01-P", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0681", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.sendmail.org/8.12.10.html", "name" : "http://www.sendmail.org/8.12.10.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8649", "name" : "8649", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742", "name" : "CLA-2003:742", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-384", "name" : "DSA-384", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html", "name" : "RHSA-2003:283", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/108964", "name" : "VU#108964", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092", "name" : "MDKSA-2003:092", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2", "name" : "20030917 GLSA: sendmail (200309-13)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2", "name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216", "name" : "sendmail-ruleset-parsing-bo(13216)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595", "name" : "oval:org.mitre.oval:def:595", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606", "name" : "oval:org.mitre.oval:def:3606", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0682", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-382", "name" : "DSA-382", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html", "name" : "RHSA-2003:280", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741", "name" : "CLA-2003:741", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-383", "name" : "DSA-383", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2", "name" : "RHSA-2003:279", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2", "name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446", "name" : "oval:org.mitre.oval:def:446", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0683", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8921", "name" : "8921", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031004-01-P", "name" : "20031004-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2734", "name" : "2734", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10095", "name" : "10095", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0684", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0685", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-372", "name" : "DSA-372", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106071059430211&w=2", "name" : "20030812 Netris client Buffer Overflow Vulnerability.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netris:netris:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netris:netris:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netris:netris:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0686", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-262.html", "name" : "RHSA-2003:262", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-374", "name" : "DSA-374", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://us2.samba.org/samba/ftp/pam_smb/", "name" : "http://us2.samba.org/samba/ftp/pam_smb/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-50.txt", "name" : "TLSA-2003-50", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-261.html", "name" : "RHSA-2003:261", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/680260", "name" : "VU#680260", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9611", "name" : "9611", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734", "name" : "CLA-2003:734", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252769930090&w=2", "name" : "20030901 GLSA: pam_smb (200309-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469", "name" : "oval:org.mitre.oval:def:469", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-7:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:2.0_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-2:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-5:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0687", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0688", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-265.html", "name" : "RHSA-2003:265", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.sendmail.org/dnsmap1.html", "name" : "http://www.sendmail.org/dnsmap1.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P", "name" : "20030803-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_035_sendmail.html", "name" : "SuSE-SA:2003:035", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/993452", "name" : "VU#993452", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727", "name" : "CLA-2003:727", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:086", "name" : "MDKSA-2003:086", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A597", "name" : "oval:org.mitre.oval:def:597", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DNS map code in Sendmail 8.12.8 and earlier, when using the \"enhdnsbl\" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_doc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_doc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_cf:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_cf:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0689", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-249.html", "name" : "RHSA-2003:249", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html", "name" : "RHSA-2003:325", "refsource" : "REDHAT", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0690", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kde.org/info/security/advisory-20030916-1.txt", "name" : "http://www.kde.org/info/security/advisory-20030916-1.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-270.html", "name" : "RHSA-2003:270", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "name" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-388", "name" : "DSA-388", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-443", "name" : "DSA-443", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-286.html", "name" : "RHSA-2003:286", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-289.html", "name" : "RHSA-2003:289", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747", "name" : "CLA-2003:747", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-287.html", "name" : "RHSA-2003:287", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html", "name" : "RHSA-2003:288", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091", "name" : "MDKSA-2003:091", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106374551513499&w=2", "name" : "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193", "name" : "oval:org.mitre.oval:def:193", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0691", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0692", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kde.org/info/security/advisory-20030916-1.txt", "name" : "http://www.kde.org/info/security/advisory-20030916-1.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-270.html", "name" : "RHSA-2003:270", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-388", "name" : "DSA-388", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "name" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747", "name" : "CLA-2003:747", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html", "name" : "RHSA-2003:288", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091", "name" : "MDKSA-2003:091", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106374551513499&w=2", "name" : "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215", "name" : "oval:org.mitre.oval:def:215", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0693", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/333628", "name" : "VU#333628", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.openssh.com/txt/buffer.adv", "name" : "http://www.openssh.com/txt/buffer.adv", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html", "name" : "20030915 openssh remote exploit", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html", "name" : "20030916 The lowdown on SSH vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html", "name" : "20030915 new ssh exploit?", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html", "name" : "RHSA-2003:280", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-382", "name" : "DSA-382", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-383", "name" : "DSA-383", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-24.html", "name" : "CA-2003-24", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090", "name" : "MDKSA-2003:090", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1", "name" : "1000620", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106374466212309&w=2", "name" : "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106373247528528&w=2", "name" : "20030916 OpenSSH Buffer Management Bug Advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2", "name" : "RHSA-2003:279", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2", "name" : "2003-0033", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2", "name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191", "name" : "openssh-packet-bo(13191)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447", "name" : "oval:org.mitre.oval:def:447", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719", "name" : "oval:org.mitre.oval:def:2719", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0694", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.sendmail.org/8.12.10.html", "name" : "http://www.sendmail.org/8.12.10.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-25.html", "name" : "CA-2003-25", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html", "name" : "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html", "name" : "RHSA-2003:283", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-284.html", "name" : "RHSA-2003:284", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742", "name" : "CLA-2003:742", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-384", "name" : "DSA-384", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt", "name" : "SCOSA-2004.11", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html", "name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/784980", "name" : "VU#784980", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092", "name" : "MDKSA-2003:092", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2", "name" : "20030917 GLSA: sendmail (200309-13)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106382859407683&w=2", "name" : "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381604923204&w=2", "name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2", "name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603", "name" : "oval:org.mitre.oval:def:603", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572", "name" : "oval:org.mitre.oval:def:572", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975", "name" : "oval:org.mitre.oval:def:2975", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0695", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html", "name" : "RHSA-2003:280", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-383", "name" : "DSA-383", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.openssh.com/txt/buffer.adv", "name" : "http://www.openssh.com/txt/buffer.adv", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-382", "name" : "DSA-382", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741", "name" : "CLA-2003:741", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090", "name" : "MDKSA-2003:090", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2", "name" : "RHSA-2003:279", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2", "name" : "2003-0033", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=openbsd-security-announce&m=106375582924840", "name" : "http://marc.info/?l=openbsd-security-announce&m=106375582924840", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106382542403716&w=2", "name" : "20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2", "name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452", "name" : "oval:org.mitre.oval:def:452", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0696", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true", "name" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8738", "name" : "8738", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13328", "name" : "aix-sendmail-getipnodebyname-dos(13328)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0697", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY45344&apar=only", "name" : "IY45344", "refsource" : "AIXAPAR", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1", "name" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY45250&apar=only", "name" : "IY45250", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY46256&apar=only", "name" : "IY46256", "refsource" : "AIXAPAR", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0698", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0699", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html", "name" : "RHSA-2003:198", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html", "name" : "RHSA-2003:239", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A387", "name" : "oval:org.mitre.oval:def:387", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0700", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name" : "RHSA-2003:238", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-044.html", "name" : "RHSA-2004:044", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A401", "name" : "oval:org.mitre.oval:def:401", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0701", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/334928", "name" : "VU#334928", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106148101210479&w=2", "name" : "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970", "name" : "ie-dbcs-object-bo(12970)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032", "name" : "MS03-032", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0702", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.enteredge.com/research/CAN-2003-0702.asp", "name" : "http://www.enteredge.com/research/CAN-2003-0702.asp", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106278164225389&w=2", "name" : "20030905 ISS Server Sensor Denial of Service", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13088", "name" : "realsecure-isapi-dos(13088)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.18:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0703", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8497", "name" : "8497", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a082203-1.txt", "name" : "A082203-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13008", "name" : "kismac-exchangekernel-kernel-overwrite(13008)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13007", "name" : "kismac-driverkext-load-modules(13007)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via \"similar techniques\" using exchangeKernel.sh." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kismac:kismac:0.05d:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0704", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a082203-1.txt", "name" : "A082203-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8497", "name" : "8497", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13010", "name" : "kismac-viha-gain-privileges(13010)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13009", "name" : "kismac-setuid-modify-ownership(13009)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13006", "name" : "kismac-driverkext-modify-ownership(13006)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a \"similar technique\" for (6) viha_prep.sh and (7) viha_unprep.sh." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kismac:kismac:0.05d:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0705", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-378", "name" : "DSA-378", "refsource" : "DEBIAN", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nicolas_boullis:mah-jong:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0706", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-378", "name" : "DSA-378", "refsource" : "DEBIAN", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nicolas_boullis:mah-jong:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0707", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-375", "name" : "DSA-375", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tomi_manninen:linuxnode:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0708", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-375", "name" : "DSA-375", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tomi_manninen:linuxnode:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0709", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.zone-h.org/en/advisories/read/id=2925/", "name" : "http://www.zone-h.org/en/advisories/read/id=2925/", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:whois:whois:4.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:whois:whois:4.6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0711", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/467036", "name" : "VU#467036", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8828", "name" : "8828", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt", "name" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106632194809632&w=2", "name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106631908105696&w=2", "name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706", "name" : "oval:org.mitre.oval:def:4706", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889", "name" : "oval:org.mitre.oval:def:3889", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685", "name" : "oval:org.mitre.oval:def:3685", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217", "name" : "oval:org.mitre.oval:def:217", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044", "name" : "MS03-044", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0712", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/435444", "name" : "VU#435444", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8832", "name" : "8832", "refsource" : "BID", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106631918405915&w=2", "name" : "20031016 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047", "name" : "MS03-047", "refsource" : "MS", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2020-04-09T13:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0714", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/422156", "name" : "VU#422156", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8838", "name" : "8838", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106682909006586&w=2", "name" : "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046", "name" : "MS03-046", "refsource" : "MS", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2020-04-09T13:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0715", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cert.org/advisories/CA-2003-23.html", "name" : "CA-2003-23", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/483492", "name" : "VU#483492", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322856608909&w=2", "name" : "20030910 EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4224", "name" : "oval:org.mitre.oval:def:4224", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A264", "name" : "oval:org.mitre.oval:def:264", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A20", "name" : "oval:org.mitre.oval:def:20", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1813", "name" : "oval:org.mitre.oval:def:1813", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1202", "name" : "oval:org.mitre.oval:def:1202", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039", "name" : "MS03-039", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0717", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/575892", "name" : "VU#575892", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8826", "name" : "8826", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-27.html", "name" : "CA-2003-27", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106666713812158&w=2", "name" : "20031018 Proof of concept for Windows Messenger Service overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106632188709562&w=2", "name" : "20031016 MS03-043 Popup Messenger Servce buffer-overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268", "name" : "oval:org.mitre.oval:def:268", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213", "name" : "oval:org.mitre.oval:def:213", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043", "name" : "MS03-043", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0718", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=109762641822064&w=2", "name" : "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656", "name" : "iis-ms04030-patch(17656)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645", "name" : "iis-webdav-xml-attribute-dos(17645)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767", "name" : "oval:org.mitre.oval:def:4767", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427", "name" : "oval:org.mitre.oval:def:1427", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330", "name" : "oval:org.mitre.oval:def:1330", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030", "name" : "MS04-030", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-11-03T05:00Z", "lastModifiedDate" : "2020-11-23T19:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0719", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://xforce.iss.net/xforce/alerts/id/168", "name" : "20040413 Microsoft SSL Library Remote Compromise Vulnerability", "refsource" : "ISS", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/361836", "name" : "20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/586540", "name" : "VU#586540", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951", "name" : "oval:org.mitre.oval:def:951", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903", "name" : "oval:org.mitre.oval:def:903", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889", "name" : "oval:org.mitre.oval:def:889", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093", "name" : "oval:org.mitre.oval:def:1093", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0720", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/09.10.03.txt", "name" : "http://www.idefense.com/advisory/09.10.03.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-273.html", "name" : "RHSA-2003:273", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html", "name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-274.html", "name" : "RHSA-2003:274", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106329356702508&w=2", "name" : "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322571805153&w=2", "name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499", "name" : "oval:org.mitre.oval:def:499", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:3.98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.44:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0721", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/09.10.03.txt", "name" : "20030910 Two Exploitable Overflows in PINE", "refsource" : "IDEFENSE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-273.html", "name" : "RHSA-2003:273", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html", "name" : "20030911 Pine: .procmailrc rule against integer overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-274.html", "name" : "RHSA-2003:274", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106329356702508&w=2", "name" : "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106367213400313&w=2", "name" : "20030915 remote Pine <= 4.56 exploit fully automatic", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503", "name" : "oval:org.mitre.oval:def:503", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:3.98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0722", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/advisory/09.16.03.txt", "name" : "http://www.idefense.com/advisory/09.16.03.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0115.html", "name" : "20030918 Solaris SADMIND Exploitation", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/41870", "name" : "VU#41870", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-148.shtml", "name" : "N-148", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8615", "name" : "8615", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9742", "name" : "9742", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56740-1&searchclause=security", "name" : "56740", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106391959014331&w=2", "name" : "20030918 Solaris SADMIND Exploitation", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1273", "name" : "oval:org.mitre.oval:def:1273", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0723", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:087", "name" : "MDKSA-2003:087", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gkrellm:gkrellm:2.1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gkrellm:gkrellm:2.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0724", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/advisories/5736", "name" : "SSRT3588", "refsource" : "HP", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8492", "name" : "8492", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0725", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8476", "name" : "8476", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0087.html", "name" : "20030825 New Bug in RealServer", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html", "name" : "http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.service.real.com/help/faq/security/rootexploit082203.html", "name" : "http://www.service.real.com/help/faq/security/rootexploit082203.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/934932", "name" : "VU#934932", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0.2.794:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:g2_1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0726", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/335293", "name" : "20030827 RealOne Player Allows Cross Zone and Domain Access", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8453", "name" : "8453", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html", "name" : "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.service.real.com/help/faq/security/securityupdate_august2003.html", "name" : "http://www.service.real.com/help/faq/security/securityupdate_august2003.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007532", "name" : "1007532", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028", "name" : "realone-smil-execute-code(13028)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0727", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/42780/", "name" : "42780", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2017-09-28T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0728", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106081310531567&w=2", "name" : "20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252836330987&w=2", "name" : "20030901 GLSA: horde (200309-02)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0729", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html", "name" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html", "name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252411425545&w=2", "name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tellurian:tftpdnt:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tellurian:tftpdnt:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0730", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8514", "name" : "8514", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-380", "name" : "DSA-380", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-286.html", "name" : "RHSA-2003:286", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html", "name" : "RHSA-2003:288", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-289.html", "name" : "RHSA-2003:289", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc", "name" : "NetBSD-SA2003-015", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc", "name" : "20031101-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821", "name" : "CLA-2004:821", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-287.html", "name" : "RHSA-2003:287", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1", "name" : "102803", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/24168", "name" : "24168", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/24247", "name" : "24247", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089", "name" : "MDKSA-2003:089", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2007/0589", "name" : "ADV-2007-0589", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106229335312429&w=2", "name" : "20030830 Multiple integer overflows in XFree86 (local/remote)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0731", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/333028", "name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "name" : "20030813 CiscoWorks Application Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0732", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/333028", "name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "name" : "20030813 CiscoWorks Application Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0733", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8357", "name" : "8357", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:liquid_data:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_integration:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_integration:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0734", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:088", "name" : "MDKSA-2003:088", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:padl_software:pam_ldap:*:*:*:*:*:*:*:*", "versionEndIncluding" : "162", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0735", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/925166", "name" : "VU#925166", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2", "name" : "20030902 GLSA: phpwebsite (200309-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2", "name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0736", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/664422", "name" : "VU#664422", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2", "name" : "20030902 GLSA: phpwebsite (200309-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2", "name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0737", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2", "name" : "20030902 GLSA: phpwebsite (200309-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2", "name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0738", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-134" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2", "name" : "20030902 GLSA: phpwebsite (200309-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2", "name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0739", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106", "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106029217115023&w=2", "name" : "20030807 VMware Workstation 4.0.1 (for Linux systems) vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.0.1_build_5289", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0740", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-297.html", "name" : "RHSA-2003:297", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736", "name" : "CLA-2003:736", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:108", "name" : "MDKSA-2003:108", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106260760211958&w=2", "name" : "20030903 Stunnel-3.x Daemon Hijacking", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0741", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0742", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious \"hostname\" program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0743", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-376", "name" : "DSA-376", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html", "name" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html", "name" : "[Exim] 20030814 Minor security bug", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html", "name" : "[Exim] 20030815 Minor security bug", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog", "name" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog", "name" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735", "name" : "CLA-2003:735", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106252015820395&w=2", "name" : "20030901 exim remote heap overflow, probably not exploitable", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=vuln-dev&m=106264740820334&w=2", "name" : "20030903 Re: exim remote heap overflow, probably not exploitable", "refsource" : "VULN-DEV", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.35:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0744", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/", "name" : "20030903 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt", "name" : "http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8541", "name" : "8541", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6452", "name" : "6452", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9678", "name" : "9678", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106270038210736&w=2", "name" : "20030904 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.35:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0745", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0340.html", "name" : "20030825 SNMPc v5 and v6 remote vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0746", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/377804", "name" : "VU#377804", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.secunia.com/advisories/9482", "name" : "9482", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/hp/2003-q3/0042.html", "name" : "HPSBUX0308-274", "refsource" : "HP", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030902-01-P", "name" : "20030902-01-P", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0747", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html", "name" : "20030830 SAP Internet Transaction Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8515", "name" : "8515", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063", "name" : "its-wgatedll-information-disclosure(13063)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0748", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html", "name" : "20030830 SAP Internet Transaction Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8516", "name" : "8516", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13066", "name" : "its-wgatedll-directory-traversal(13066)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0749", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html", "name" : "20030830 SAP Internet Transaction Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8517", "name" : "8517", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0750", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html", "name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection", "refsource" : "VULNWATCH", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0751", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html", "name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0752", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html", "name" : "20030826 [PHP] AttilaPHP 3.0 : User/Admin Access", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:attila-php.net:attilaphp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0753", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html", "name" : "20030824 newsPHP file inclusion & bad login validation", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newsphp:newsphp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "216", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0754", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html", "name" : "20030824 newsPHP file inclusion & bad login validation", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newsphp:newsphp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "216", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0755", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html", "name" : "20030826 gtkftpd[v1.0.4(and below)]: remote root buffer overflow exploit.", "refsource" : "VULN-DEV", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0756", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0011.html", "name" : "20030831 Directory Traversal in SITEBUILDER - v1.4", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sitebuilder:sitebuilder:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0757", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html", "name" : "20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-20T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0758", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8552", "name" : "8552", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html", "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml", "name" : "N-154", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2", "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13218", "name" : "ibm-db2-db2dart-bo(13218)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0759", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8553", "name" : "8553", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html", "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY47653", "name" : "IY47653", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml", "name" : "N-154", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", "name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2", "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0760", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html", "name" : "http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8482", "name" : "8482", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13012", "name" : "blubster-port701-dos(13012)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:optisoft:blubster:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0761", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a090403-1.txt", "name" : "A090403-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0762", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0096.html", "name" : "20030905 [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foxweb:foxweb:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0763", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106312344631197&w=2", "name" : "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squished_mosquito:escapade:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0764", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106312344631197&w=2", "name" : "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squished_mosquito:escapade:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0765", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106305643432112&w=2", "name" : "20030908 Winamp 2.91 lets code execution through MIDI files", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large \"Track data size\" value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0766", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106305502230604&w=2", "name" : "20030908 Multiple Heap Overflows in FTP Desktop", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ftp_desktop:ftp_desktop:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2017-04-29T01:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0767", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106304902323758&w=2", "name" : "20030908 Rogerwilco: server's buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.30a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-17T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0768", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106304326916062&w=2", "name" : "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0769", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0770", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/317234", "name" : "20030401 IkonBoard v3.1.1: arbitrary command execution", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/336598", "name" : "20030908 IkonBoard 3.1.2a arbitrary command execution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381136115972&w=2", "name" : "20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ikonboard.com:ikonboard:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ikonboard.com:ikonboard:3.1.2a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0771", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106304236914921&w=2", "name" : "20030907 Apache::Gallery local webserver compromise, privilege escalation", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0772", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8542", "name" : "8542", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/219140", "name" : "VU#219140", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/792284", "name" : "VU#792284", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9671", "name" : "9671", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106288825902868&w=2", "name" : "20030906 Remote and Local Vulnerabilities In WS_FTP Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13119", "name" : "wsftp-ftp-command-bo(13119)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:ipswitch_ws_ftp_server:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2019-08-13T14:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0773", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8595", "name" : "8595", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2013-08-23T04:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0774", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0775", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8600", "name" : "8600", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0776", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0777", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8597", "name" : "8597", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0778", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-379", "name" : "DSA-379", "refsource" : "DEBIAN", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html", "name" : "RHSA-2003:278", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html", "name" : "RHSA-2003:285", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html", "name" : "SuSE-SA:2003:046", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt", "name" : "CSSA-2004-005.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099", "name" : "MDKSA-2003:099", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8596", "name" : "8596", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8593", "name" : "8593", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0779", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a091103-1.txt", "name" : "A091103-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0780", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/337012", "name" : "20030910 Buffer overflow in MySQL", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-381", "name" : "DSA-381", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-281.html", "name" : "RHSA-2003:281", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html", "name" : "20030910 Buffer overflow in MySQL", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743", "name" : "CLA-2003:743", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-282.html", "name" : "RHSA-2003:282", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/516492", "name" : "VU#516492", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9709", "name" : "9709", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:094", "name" : "MDKSA-2003:094", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106381424420775&w=2", "name" : "2003-0034", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106364207129993&w=2", "name" : "20030913 exploit for mysql -- [get_salt_from_password] problem", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-22T04:00Z", "lastModifiedDate" : "2019-12-17T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0781", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-467", "name" : "DSA-467", "refsource" : "DEBIAN", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12929", "name" : "ecartis-subscribe-password-disclosure(12929)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-05-04T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0782", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-467", "name" : "DSA-467", "refsource" : "DEBIAN", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12928", "name" : "ecartis-multiple-bo(12928)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-05-04T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0783", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-385", "name" : "DSA-385", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8656", "name" : "8656", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/7119", "name" : "7119", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007756", "name" : "1007756", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007757", "name" : "1007757", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9792", "name" : "9792", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106424495804417&w=2", "name" : "20030921 Fw: 0x333hztty => hztty 2.0 local root exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13243", "name" : "hztty-bo(13243)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yongguang_zhang:hztty:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0784", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY47764&apar=only", "name" : "IY47764", "refsource" : "AIXAPAR", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0785", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-389", "name" : "DSA-389", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:brian_bassett:ipmasq:3.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0786", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html", "name" : "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.openssh.com/txt/sshpam.adv", "name" : "http://www.openssh.com/txt/sshpam.adv", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/602204", "name" : "VU#602204", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/338617", "name" : "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/338616", "name" : "20030923 Portable OpenSSH 3.7.1p2 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8677", "name" : "8677", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0787", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html", "name" : "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.openssh.com/txt/sshpam.adv", "name" : "http://www.openssh.com/txt/sshpam.adv", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/209807", "name" : "VU#209807", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/338617", "name" : "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/338616", "name" : "20030923 Portable OpenSSH 3.7.1p2 released", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8677", "name" : "8677", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0788", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-275.html", "name" : "RHSA-2003:275", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8952", "name" : "8952", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:104", "name" : "MDKSA-2003:104", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-63.txt", "name" : "TLSA-2003-63", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10123", "name" : "10123", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000788", "name" : "CLA-2003:788", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000779", "name" : "CLA-2003:779", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13584", "name" : "cups-ipp-dos(13584)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a \"busy loop\") via certain inputs to the IPP port (TCP 631)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0789", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://apache.secsup.org/dist/httpd/Announcement2.html", "name" : "http://apache.secsup.org/dist/httpd/Announcement2.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html", "name" : "RHSA-2003:320", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775", "name" : "CLA-2003:775", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200310-04.xml", "name" : "200310-04", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/6079", "name" : "HPSBUX0311-301", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103", "name" : "MDKSA-2003:103", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-015.shtml", "name" : "O-015", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8926", "name" : "8926", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9504", "name" : "9504", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html", "name" : "APPLE-SA-2004-01-26", "refsource" : "APPLE", "tags" : [ ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2", "name" : "20031031 GLSA: apache (200310-04)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13552", "name" : "apache-modcgi-info-disclosure(13552)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.48", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0790", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a \"head-reading\" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not \"reachable\" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0791", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/11103/", "name" : "11103", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/advisories/6979", "name" : "SCOSA-2004.8", "refsource" : "SCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9322", "name" : "9322", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/8390", "name" : "8390", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", "name" : "MDKSA-2004:021", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-07T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0792", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8843", "name" : "8843", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200403-10.xml", "name" : "GLSA-200403-10", "refsource" : "GENTOO", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-004.0/CSSA-2004-004.0.txt", "name" : "CSSA-2004-004.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/5987", "name" : "IMNX-2003-7+-023-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-61.txt", "name" : "TLSA-2003-61", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:101", "name" : "MDKSA-2003:101", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107731542827401&w=2", "name" : "20040220 LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13450", "name" : "fetchmail-email-dos(13450)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0793", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8846", "name" : "8846", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766", "name" : "CLA-2003:766", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome", "name" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100", "name" : "MDKSA-2003:100", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447", "name" : "gdm-dos(13447)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0794", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8846", "name" : "8846", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766", "name" : "CLA-2003:766", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome", "name" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100", "name" : "MDKSA-2003:100", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448", "name" : "gdm-command-dos(13448)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0795", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-305.html", "name" : "RHSA-2003:305", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-307.html", "name" : "RHSA-2003:307", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-415", "name" : "DSA-415", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10563", "name" : "10563", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106883387304266&w=2", "name" : "20031114 Quagga remote vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.96.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0796", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9085", "name" : "9085", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc", "name" : "20031102-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc", "name" : "20031102-02-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13807", "name" : "rpcmountd-mount-gain-access(13807)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0797", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9084", "name" : "9084", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc", "name" : "20031102-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc", "name" : "20031102-02-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.osvdb.org/8520", "name" : "8520", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13808", "name" : "rpcmountd-dos(13808)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0798", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0799", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0800", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0801", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt", "name" : "A091503-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0802", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt", "name" : "A091503-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a \"retrieve\" action with a location parameter of . (dot)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0803", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt", "name" : "A091503-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0804", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc", "name" : "FreeBSD-SA-03:14", "refsource" : "FREEBSD", "tags" : [ ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc", "name" : "20040502-01-P", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0805", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-387", "name" : "DSA-387", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105804485302211&w=2", "name" : "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106123498310717&w=2", "name" : "20030818 FW: [gopher] UMN Gopher 3.0.6 released", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0806", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/471260", "name" : "VU#471260", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10126", "name" : "10126", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15702", "name" : "win-winlogon-bo(15702)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A896", "name" : "oval:org.mitre.oval:def:896", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A895", "name" : "oval:org.mitre.oval:def:895", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1054", "name" : "oval:org.mitre.oval:def:1054", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0807", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/698564", "name" : "VU#698564", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-115.shtml", "name" : "O-115", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10123", "name" : "10123", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/alerts/2004/Apr/1009762.html", "name" : "1009762", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15709", "name" : "win-cis-rpc-http-dos(15709)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A995", "name" : "oval:org.mitre.oval:def:995", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A969", "name" : "oval:org.mitre.oval:def:969", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1030", "name" : "oval:org.mitre.oval:def:1030", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012", "name" : "MS04-012", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0809", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8565", "name" : "8565", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/7887", "name" : "7887", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300", "name" : "ie-xmlobject-code-execution(13300)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123", "name" : "oval:org.mitre.oval:def:123", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040", "name" : "MS03-040", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0812", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/567620", "name" : "VU#567620", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9011", "name" : "9011", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml", "name" : "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-28.html", "name" : "CA-2003-28", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106859247713009&w=2", "name" : "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106865197102041&w=2", "name" : "20031112 Proof of concept for Windows Workstation Service overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575", "name" : "oval:org.mitre.oval:def:575", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331", "name" : "oval:org.mitre.oval:def:331", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049", "name" : "MS03-049", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0813", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/547820", "name" : "VU#547820", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://xforce.iss.net/xforce/alerts/id/155", "name" : "20031014 Microsoft RPC Race Condition Denial of Service", "refsource" : "ISS", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html", "name" : "20031010 Re : [VERY] BAD news on RPC DCOM Exploit", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html", "name" : "20031010 Re: Bad news on RPC DCOM vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securitylab.ru/_exploits/rpc2.c.txt", "name" : "http://www.securitylab.ru/_exploits/rpc2.c.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html", "name" : "20031011 Bad news on RPC DCOM2 vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8811", "name" : "8811", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106579825211708&w=2", "name" : "20031010 Bad news on RPC DCOM vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106588827513795&w=2", "name" : "20031011 RE: Bad news on RPC DCOM vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106580303918155&w=2", "name" : "20031010 Bad news on RPC DCOM vulnerability", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A900", "name" : "oval:org.mitre.oval:def:900", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A894", "name" : "oval:org.mitre.oval:def:894", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A893", "name" : "oval:org.mitre.oval:def:893", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012", "name" : "MS04-012", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0814", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/326412", "name" : "VU#326412", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/337086", "name" : "20030911 LiuDieYu's missing files are here.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm", "name" : "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html", "name" : "20030910 MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007687", "name" : "1007687", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10192", "name" : "10192", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392", "name" : "oval:org.mitre.oval:def:392", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349", "name" : "oval:org.mitre.oval:def:349", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344", "name" : "oval:org.mitre.oval:def:344", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343", "name" : "oval:org.mitre.oval:def:343", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342", "name" : "oval:org.mitre.oval:def:342", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341", "name" : "oval:org.mitre.oval:def:341", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335", "name" : "oval:org.mitre.oval:def:335", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048", "name" : "MS03-048", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0815", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9014", "name" : "9014", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/337086", "name" : "20030911 LiuDieYu's missing files are here.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html", "name" : "20030910 MSIE->LinkillerSaveRef:another caller-based authorization", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-021.shtml", "name" : "O-021", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7888", "name" : "7888", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7889", "name" : "7889", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007687", "name" : "1007687", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10192", "name" : "10192", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322542104656&w=2", "name" : "20030910 MSIE->Findeath: break caller-based authorization", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106321757619047&w=2", "name" : "20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676", "name" : "ie-pointer-zone-bypass(13676)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472", "name" : "oval:org.mitre.oval:def:472", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359", "name" : "oval:org.mitre.oval:def:359", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357", "name" : "oval:org.mitre.oval:def:357", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356", "name" : "oval:org.mitre.oval:def:356", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353", "name" : "oval:org.mitre.oval:def:353", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352", "name" : "oval:org.mitre.oval:def:352", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351", "name" : "oval:org.mitre.oval:def:351", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048", "name" : "MS03-048", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0816", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/652452", "name" : "VU#652452", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm", "name" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM", "name" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/337086", "name" : "20030911 LiuDieYu's missing files are here.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/771604", "name" : "VU#771604", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/336937", "name" : "20030910 MSIE->NAFfileJPU", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html", "name" : "20030910 MSIE->WsOpenJpuInHistory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007687", "name" : "1007687", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10192", "name" : "10192", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106321882821788&w=2", "name" : "20030910 MSIE->WsOpenFileJPU", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322240132721&w=2", "name" : "20030910 MSIE->BackMyParent2:Multi-Thread version", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322063729496&w=2", "name" : "20030910 MSIE->WsBASEjpu", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106321781819727&w=2", "name" : "20030910 MSIE->WsFakeSrc", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106321638416884&w=2", "name" : "20030910 MSIE->RefBack", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106321693517858&w=2", "name" : "20030910 MSIE->NAFjpuInHistory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479", "name" : "oval:org.mitre.oval:def:479", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459", "name" : "oval:org.mitre.oval:def:459", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416", "name" : "oval:org.mitre.oval:def:416", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409", "name" : "oval:org.mitre.oval:def:409", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363", "name" : "oval:org.mitre.oval:def:363", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362", "name" : "oval:org.mitre.oval:def:362", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361", "name" : "oval:org.mitre.oval:def:361", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048", "name" : "MS03-048", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0817", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9012", "name" : "9012", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10192", "name" : "10192", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566", "name" : "oval:org.mitre.oval:def:566", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556", "name" : "oval:org.mitre.oval:def:556", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549", "name" : "oval:org.mitre.oval:def:549", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548", "name" : "oval:org.mitre.oval:def:548", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543", "name" : "oval:org.mitre.oval:def:543", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520", "name" : "oval:org.mitre.oval:def:520", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508", "name" : "oval:org.mitre.oval:def:508", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048", "name" : "MS03-048", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0818", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/216324", "name" : "VU#216324", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/583108", "name" : "VU#583108", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-041A.html", "name" : "TA04-041A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2", "name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107643892224825&w=2", "name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107643836125615&w=2", "name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2", "name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799", "name" : "oval:org.mitre.oval:def:799", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797", "name" : "oval:org.mitre.oval:def:797", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796", "name" : "oval:org.mitre.oval:def:796", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653", "name" : "oval:org.mitre.oval:def:653", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007", "name" : "MS04-007", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-03T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0819", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/749342", "name" : "VU#749342", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.cert.org/advisories/CA-2004-01.html", "name" : "CA-2004-01", "refsource" : "CERT", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9408", "name" : "9408", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm", "name" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9406", "name" : "9406", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008698", "name" : "1008698", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10611", "name" : "10611", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A478", "name" : "oval:org.mitre.oval:def:478", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001", "name" : "MS04-001", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0820", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html", "name" : "20031015 Few issues previously unpublished in English", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8835", "name" : "8835", "refsource" : "BID", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ] }, { "url" : "http://www.security.nnov.ru/search/document.asp?docid=5243", "name" : "http://www.security.nnov.ru/search/document.asp?docid=5243", "refsource" : "MISC", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13682", "name" : "word-macro-execute-code(13682)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668", "name" : "oval:org.mitre.oval:def:668", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586", "name" : "oval:org.mitre.oval:def:586", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585", "name" : "oval:org.mitre.oval:def:585", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336", "name" : "oval:org.mitre.oval:def:336", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050", "name" : "MS03-050", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the \"Macro names\" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0821", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9010", "name" : "9010", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13681", "name" : "excel-macro-execute-code(13681)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A695", "name" : "oval:org.mitre.oval:def:695", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A675", "name" : "oval:org.mitre.oval:def:675", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A636", "name" : "oval:org.mitre.oval:def:636", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050", "name" : "MS03-050", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0822", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/279156", "name" : "VU#279156", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10195", "name" : "10195", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106865318904055&w=2", "name" : "20031112 Frontpage Extensions Remote Command Execution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106862654906759&w=2", "name" : "20031112 Frontpage Extensions Remote Command Execution", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13674", "name" : "fpse-debug-bo(13674)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743", "name" : "oval:org.mitre.oval:def:743", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699", "name" : "oval:org.mitre.oval:def:699", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367", "name" : "oval:org.mitre.oval:def:367", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366", "name" : "oval:org.mitre.oval:def:366", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364", "name" : "oval:org.mitre.oval:def:364", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051", "name" : "MS03-051", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0823", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/337086", "name" : "20030911 LiuDieYu's missing files are here.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/413886", "name" : "VU#413886", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10192", "name" : "10192", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006036", "name" : "1006036", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106322197932006&w=2", "name" : "20030910 MSIE->HijackClick: 1+1=2", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733", "name" : "oval:org.mitre.oval:def:733", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588", "name" : "oval:org.mitre.oval:def:588", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372", "name" : "oval:org.mitre.oval:def:372", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371", "name" : "oval:org.mitre.oval:def:371", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370", "name" : "oval:org.mitre.oval:def:370", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369", "name" : "oval:org.mitre.oval:def:369", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368", "name" : "oval:org.mitre.oval:def:368", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048", "name" : "MS03-048", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0824", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/179012", "name" : "VU#179012", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10195", "name" : "10195", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13680", "name" : "fpse-smarthtml-dos(13680)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762", "name" : "oval:org.mitre.oval:def:762", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625", "name" : "oval:org.mitre.oval:def:625", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606", "name" : "oval:org.mitre.oval:def:606", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591", "name" : "oval:org.mitre.oval:def:591", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308", "name" : "oval:org.mitre.oval:def:308", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051", "name" : "MS03-051", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0825", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9624", "name" : "9624", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/445214", "name" : "VU#445214", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-077.shtml", "name" : "O-077", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3903", "name" : "3903", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802", "name" : "oval:org.mitre.oval:def:802", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801", "name" : "oval:org.mitre.oval:def:801", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800", "name" : "oval:org.mitre.oval:def:800", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704", "name" : "oval:org.mitre.oval:def:704", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15037", "name" : "win-wins-gsflag-dos(15037)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006", "name" : "MS04-006", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-03T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0826", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.html", "name" : "20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2005/dsa-717", "name" : "DSA-717", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html", "name" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://bugs.debian.org/211662", "name" : "http://bugs.debian.org/211662", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106407188509874&w=2", "name" : "20030920 LSH: Buffer overrun and remote root compromise in lshd", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106398939512178&w=2", "name" : "20030919 Remote root vuln in lsh 1.4.x", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0827", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY47686&apar=only", "name" : "IY47686", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106399616919636&w=2", "name" : "20030919 AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-06T04:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0828", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-391", "name" : "DSA-391", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8716", "name" : "8716", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13301", "name" : "freesweep-bo(13301)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain \"games\" group privileges when processing environment variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gus_and_psilord:freesweep:0.90:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gus_and_psilord:freesweep:0.88:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0830", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-390", "name" : "DSA-390", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:marbles:marbles:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0831", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://xforce.iss.net/xforce/alerts/id/154", "name" : "20030923 ProFTPD ASCII File Remote Compromise Vulnerability", "refsource" : "ISS", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html", "name" : "20031014 Another ProFTPd root EXPLOIT ?", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/405348", "name" : "VU#405348", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9829", "name" : "9829", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095", "name" : "MDKSA-2003:095", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106606885611269&w=2", "name" : "20031013 Remote root exploit for proftpd \\n bug", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106441655617816&w=2", "name" : "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200", "name" : "proftpd-ascii-xfer-newline-bo(12200)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/107/", "name" : "107", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-10-05T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0832", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-392", "name" : "DSA-392", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0833", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-392", "name" : "DSA-392", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0834", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/575804", "name" : "VU#575804", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8973", "name" : "8973", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0047.html", "name" : "HPSBUX0311-297", "refsource" : "HP", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P", "name" : "20040801-01-P", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414", "name" : "57414", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false", "name" : "20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability", "refsource" : "IDEFENSE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141", "name" : "oval:org.mitre.oval:def:5141", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0835", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mplayerhq.hu/homepage/design6/news.html", "name" : "http://www.mplayerhq.hu/homepage/design6/news.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000760", "name" : "CLA-2003:760", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106454257221455&w=2", "name" : "20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106485005213109&w=2", "name" : "20030929 GLSA: media-video/mplayer (200309-15)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106460912721618&w=2", "name" : "20030926 Mplayer Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0836", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with \"Connect\" privileges to execute arbitrary code via a LOAD command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0837", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8743", "name" : "8743", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106503709914622&w=2", "name" : "20031001 ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13331", "name" : "db2-invoke-bo(13331)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with \"Connect\" privileges to execute arbitrary code via the INVOKE command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0838", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html", "name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html", "name" : "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169", "name" : "20031001 DNS/Hosts file issues", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8556", "name" : "8556", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7872", "name" : "7872", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106304733121753&w=2", "name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=ntbugtraq&m=106302799428500&w=2", "name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106304876523459&w=2", "name" : "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314", "name" : "ie-popup-code-execution(13314)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204", "name" : "oval:org.mitre.oval:def:204", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040", "name" : "MS03-040", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0839", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html", "name" : "http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106563075612028&w=2", "name" : "20031008 Microsoft Windows Server 2003 \"Shell Folders\" Directory Traversal Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the \"Shell Folders\" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a \"shell:\" link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0840", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106563181313571&w=2", "name" : "20031008 HPUX dtprintinfo buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0841", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106554919000847&w=2", "name" : "20031007 PeopleSoft Grid Option Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-08-19T15:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0842", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "name" : "20030601 Mod_gzip Debug Mode Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an \"Accept-Encoding: gzip\" header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:1.3.26.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0843", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "name" : "20030601 Mod_gzip Debug Mode Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an \"Accept-Encoding: gzip\" header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.26.1a", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0844", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2", "name" : "20030601 Mod_gzip Debug Mode Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the \"Strengthen default permissions of internal system objects\" policy is not enabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.26.1a", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0845", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8773", "name" : "8773", "refsource" : "BID", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866", "name" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2007-1048.html", "name" : "RHSA-2007:1048", "refsource" : "REDHAT", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://secunia.com/advisories/27914", "name" : "27914", "refsource" : "SECUNIA", "tags" : [ "Not Applicable" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106547728803252&w=2", "name" : "20031006 Update JBoss 308 & 321: Remote Command Injection", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106546044416498&w=2", "name" : "20031005 JBoss 3.2.1: Remote Command Injection", "refsource" : "BUGTRAQ", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300", "name" : "oval:org.mitre.oval:def:11300", "refsource" : "OVAL", "tags" : [ "Tool Signature" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jboss:jboss:3.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jboss:jboss:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2020-03-24T14:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0846", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106546177518140&w=2", "name" : "20031006 Local root exploit in SuSE Linux 7.3Pro", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106546531922379&w=2", "name" : "20031006 Re: Local root exploit in SuSE Linux 8.2Pro", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux:7.3:*:pro:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0847", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106545972615578&w=2", "name" : "20031006 Local root exploit in SuSE Linux 8.2Pro", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106546531922379&w=2", "name" : "20031006 Re: Local root exploit in SuSE Linux 8.2Pro", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8.2:*:professional:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0848", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-428", "name" : "DSA-428", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt", "name" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt", "name" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt", "name" : "2004-0005", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-041.html", "name" : "RHSA-2004:041", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc", "name" : "20040201-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt", "name" : "CSSA-2004-001.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html", "name" : "FEDORA-2004-059", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2004-040.html", "name" : "RHSA-2004:040", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:004", "name" : "MDKSA-2004:004", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10670", "name" : "10670", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10683", "name" : "10683", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10686", "name" : "10686", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10698", "name" : "10698", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10702", "name" : "10702", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10720", "name" : "10720", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10722", "name" : "10722", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9962/", "name" : "9962", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106589631819348&w=2", "name" : "20031011 SA-20031006 slocate buffer overflow - exploitation proof", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106546447321274&w=2", "name" : "20031006 SA-20031006 slocate vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821", "name" : "oval:org.mitre.oval:def:821", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033", "name" : "oval:org.mitre.oval:def:11033", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative \"pathlen\" value to be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0849", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106546086216984&w=2", "name" : "20031005 GLSA: cfengine (200310-02)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106451047819552&w=2", "name" : "20030925 Cfengine2 cfservd remote stack overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106485375218280&w=2", "name" : "20030928 cfengine2-2.0.3 remote exploit for redhat", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0850", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=191323", "name" : "http://sourceforge.net/project/shownotes.php?release_id=191323", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-410", "name" : "DSA-410", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773", "name" : "CLA-2003:773", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10543", "name" : "10543", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106728224210446&w=2", "name" : "20031027 Libnids <= 1.17 buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dug_song:dsniff:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0851", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openssl.org/news/secadv_20031104.txt", "name" : "http://www.openssl.org/news/secadv_20031104.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/412478", "name" : "VU#412478", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8970", "name" : "8970", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml", "name" : "20030930 SSL Implementation Vulnerabilities", "refsource" : "CISCO", "tags" : [ ] }, { "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc", "name" : "NetBSD-SA2004-003", "refsource" : "NETBSD", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2004-119.html", "name" : "RHSA-2004:119", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", "name" : "20040304-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", "name" : "FEDORA-2005-1042", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/17381", "name" : "17381", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106796246511667&w=2", "name" : "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108403850228012&w=2", "name" : "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528", "name" : "oval:org.mitre.oval:def:5528", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0852", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8877", "name" : "8877", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html", "name" : "20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.guninski.com/sylph.html", "name" : "http://www.guninski.com/sylph.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sylpheed.good-day.net/#changes", "name" : "http://sylpheed.good-day.net/#changes", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508", "name" : "sylpheed-smtp-format-string(13508)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0853", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8875", "name" : "8875", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html", "name" : "20031022 Fun with /bin/ls, yet still ls better than windows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.guninski.com/binls.html", "name" : "http://www.guninski.com/binls.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html", "name" : "RHSA-2003:309", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html", "name" : "RHSA-2003:310", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/6014", "name" : "IMNX-2003-7+-026-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt", "name" : "TLSA-2003-60", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10126", "name" : "10126", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/17069", "name" : "17069", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768", "name" : "CLA-2003:768", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771", "name" : "CLA-2003:771", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106", "name" : "MDKSA-2003:106", "refsource" : "MANDRAKE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0854", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html", "name" : "20031022 Fun with /bin/ls, yet still ls better than windows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.guninski.com/binls.html", "name" : "http://www.guninski.com/binls.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2005/dsa-705", "name" : "DSA-705", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html", "name" : "RHSA-2003:309", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html", "name" : "RHSA-2003:310", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/6014", "name" : "IMNX-2003-7+-026-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt", "name" : "TLSA-2003-60", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10126", "name" : "10126", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/17069", "name" : "17069", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768", "name" : "CLA-2003:768", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771", "name" : "CLA-2003:771", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106", "name" : "MDKSA-2003:106", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/115", "name" : "115", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0855", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=107025", "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=107025", "refsource" : "CONFIRM", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-311.html", "name" : "RHSA-2003:311", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-312.html", "name" : "RHSA-2003:312", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:charles_kerr:pan:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.13.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0856", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-317.html", "name" : "RHSA-2003:317", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-492", "name" : "DSA-492", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-316.html", "name" : "RHSA-2003:316", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html", "name" : "FEDORA-2004-115", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html", "name" : "SUSE-SR:2005:001", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912", "name" : "oval:org.mitre.oval:def:10912", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stephen_hemminger:iproute:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0857", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0858", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-305.html", "name" : "RHSA-2003:305", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-307.html", "name" : "RHSA-2003:307", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-315.html", "name" : "RHSA-2003:315", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-415", "name" : "DSA-415", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10563", "name" : "10563", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169", "name" : "oval:org.mitre.oval:def:10169", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.91", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga_routing_software_suite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.95", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0859", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html", "name" : "RHSA-2003:325", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-334.html", "name" : "RHSA-2003:334", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337", "name" : "oval:org.mitre.oval:def:11337", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quagga:quagga_routing_software_suite:0.96.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:intel:ia64:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0860", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.php.net/release_4_3_3.php", "name" : "http://www.php.net/release_4_3_3.php", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.php.net/ChangeLog-4.php#4.3.3", "name" : "http://www.php.net/ChangeLog-4.php#4.3.3", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0861", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.php.net/release_4_3_3.php", "name" : "http://www.php.net/release_4_3_3.php", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.php.net/ChangeLog-4.php#4.3.3", "name" : "http://www.php.net/ChangeLog-4.php#4.3.3", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0862", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0863", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=105839111204227", "name" : "20030716 PHP safe mode broken?", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0864", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8817", "name" : "8817", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.irc.org/irc/server/ChangeLog", "name" : "ftp://ftp.irc.org/irc/server/ChangeLog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000765", "name" : "CLA-2003:765", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106606129601446&w=2", "name" : "20031012 buffer overflow in IRCD software", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106667431021928&w=2", "name" : "20031019 [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13408", "name" : "ircd-mjoin-bo(13408)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ircnet:ircnet_ircd:2.10.3_p3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ircnet:ircnet_ircd:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0865", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/338641", "name" : "20030923 mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8680", "name" : "8680", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-435", "name" : "DSA-435", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt", "name" : "CSSA-2004-002.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000781", "name" : "CLA-2003:781", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106493686331198&w=2", "name" : "20030930 GLSA: mpg123 (200309-17)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59s:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0866", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506", "refsource" : "CONFIRM", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-395", "name" : "DSA-395", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8824", "name" : "8824", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://tomcat.apache.org/security-4.html", "name" : "http://tomcat.apache.org/security-4.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "name" : "239312", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/30908", "name" : "30908", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/30899", "name" : "30899", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2008/1979/references", "name" : "ADV-2008-1979", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429", "name" : "tomcat-non-http-dos(13429)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "name" : "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2019-03-25T11:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0867", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0662. Reason: This candidate is a duplicate of CVE-2003-0662. Notes: All CVE users should reference CVE-2003-0662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0868", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0869", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0870", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a102003-1.txt", "name" : "A102003-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8853", "name" : "8853", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0016.html", "name" : "20031020 Opera HREF escaped server name overflow", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13458", "name" : "opera-escape-heap-overflow(13458)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0871", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8922", "name" : "8922", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00039.html", "name" : "APPLE-SA-2003-10-28", "refsource" : "APPLE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain \"unauthorized access to a system.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0872", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt", "name" : "CSSA-2003-SCO.27", "refsource" : "SCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8864", "name" : "8864", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0873", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0874", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8856", "name" : "8856", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html", "name" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html", "name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106667525623311&w=2", "name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391", "name" : "deskpro-multiple-sql-injection(13391)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deskpro:deskpro:1.1_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0875", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000723", "name" : "CLA-2003:723", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106123103606336&w=2", "name" : "20030818 OpenSLP initscript symlink vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0876", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8916", "name" : "8916", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8917", "name" : "8917", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a102803-1.txt", "name" : "A102803-1", "refsource" : "ATSTAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13537", "name" : "macos-insecure-file-permissions(13537)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0877", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a102803-1.txt", "name" : "A102803-1", "refsource" : "ATSTAKE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8914", "name" : "8914", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8917", "name" : "8917", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13542", "name" : "macos-core-files-symlink(13542)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0878", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0879", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0518. Reason: This candidate is a reservation duplicate of CVE-2003-0518. Notes: All CVE users should reference CVE-2003-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0880", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0881", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0882", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndIncluding" : "10.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0883", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0885", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.gentoo.org/show_bug.cgi?id=41253", "name" : "http://bugs.gentoo.org/show_bug.cgi?id=41253", "refsource" : "CONFIRM", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0886", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-401", "name" : "DSA-401", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_045_hylafax.html", "name" : "SuSE-SA:2003:045", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783", "name" : "CLA-2003:783", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:105", "name" : "MDKSA-2003:105", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106858898708752&w=2", "name" : "20031111 HylaFAX - Format String Vulnerability Fixed", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0887", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6", "name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5", "name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:angus_mackay:ez-ipupdate:3.0.11b5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:angus_mackay:ez-ipupdate:3.0.11b7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0894", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/496340", "name" : "VU#496340", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1007956", "name" : "1007956", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8844", "name" : "8844", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8845", "name" : "8845", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451", "name" : "oracle-oracleo-binaries-bo(13451)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0895", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8913", "name" : "8913", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.atstake.com/research/advisories/2003/a102803-3.txt", "name" : "A102803-3", "refsource" : "ATSTAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13541", "name" : "macos-long-command-bo(13541)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[])." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0896", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221", "name" : "57221", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/6028", "name" : "HPSBUX0311-295", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8879", "name" : "8879", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/342580", "name" : "20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/342583", "name" : "20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machineimplementation", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1", "name" : "200356", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://lsd-pl.net/code/JVM/jre.tar.gz", "name" : "http://lsd-pl.net/code/JVM/jre.tar.gz", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106692334503819&w=2", "name" : "20021023 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains \"/\" (slash) instead of \".\" (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*", "versionEndIncluding" : "1.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0897", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106692772510010&w=2", "name" : "20031023 Shatter XP", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13558", "name" : "winxp-commctl32-code-execution(13558)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\"Shatter\" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0898", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106010332721672&w=2", "name" : "20030805 Local Vulnerability in IBM DB2 7.1 db2job binary", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:*:*:linux:*:*:*:*:*", "versionEndIncluding" : "8.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0899", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8906", "name" : "8906", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.texonet.com/advisories/TEXONET-20030908.txt", "name" : "http://www.texonet.com/advisories/TEXONET-20030908.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2729", "name" : "2729", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10092", "name" : "10092", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106729188224252&w=2", "name" : "20031027 Remote overflow in thttpd", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2003/dsa-396", "name" : "DSA-396", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530", "name" : "thttpd-defang-bo(13530)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to \"<\" and \">\" sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.21b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.23b1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0900", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711", "name" : "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0901", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8741", "name" : "8741", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c", "name" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-397", "name" : "DSA-397", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-313.html", "name" : "RHSA-2003:313", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-314.html", "name" : "RHSA-2003:314", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000772", "name" : "CLSA-2003:772", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000784", "name" : "CLA-2003:784", "refsource" : "CONECTIVA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0902", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-402", "name" : "DSA-402", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:minimalist:minimalist:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:minimalist:minimalist:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0903", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9407", "name" : "9407", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/139150", "name" : "VU#139150", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.osvdb.org/3457", "name" : "3457", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A775", "name" : "oval:org.mitre.oval:def:775", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A751", "name" : "oval:org.mitre.oval:def:751", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A553", "name" : "oval:org.mitre.oval:def:553", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A525", "name" : "oval:org.mitre.oval:def:525", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14187", "name" : "mdac-broadcastrequest-bo(14187)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-003", "name" : "MS04-003", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0904", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281", "name" : "20031114 Exchange 2003 OWA major security flaw", "refsource" : "NTBUGTRAQ", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.microsoft.com/exchange/support/e2k3owa.asp", "name" : "http://www.microsoft.com/exchange/support/e2k3owa.asp", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9118", "name" : "9118", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.kb.cert.org/vuls/id/530660", "name" : "VU#530660", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10615", "name" : "10615", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9409", "name" : "9409", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13869", "name" : "exchange-owa-account-access(13869)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477", "name" : "oval:org.mitre.oval:def:477", "refsource" : "OVAL", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002", "name" : "MS04-002", "refsource" : "MS", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2020-04-09T13:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0905", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9825", "name" : "9825", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/982630", "name" : "VU#982630", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A842", "name" : "oval:org.mitre.oval:def:842", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15038", "name" : "win-media-services-dos(15038)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-008", "name" : "MS04-008", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0906", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/547028", "name" : "VU#547028", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/10120", "name" : "10120", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959", "name" : "oval:org.mitre.oval:def:959", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897", "name" : "oval:org.mitre.oval:def:897", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064", "name" : "oval:org.mitre.oval:def:1064", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0907", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/260588", "name" : "VU#260588", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html", "name" : "20040413 Microsoft Help and Support Center argument injection vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10119", "name" : "10119", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities", "name" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108196864221676&w=2", "name" : "20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15704", "name" : "win-hcpurl-code-execution(15704)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904", "name" : "oval:org.mitre.oval:def:904", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000", "name" : "oval:org.mitre.oval:def:1000", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0908", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/526084", "name" : "VU#526084", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.appsecinc.com/resources/alerts/general/04-0001.html", "name" : "http://www.appsecinc.com/resources/alerts/general/04-0001.html", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html", "name" : "20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html", "name" : "http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10124", "name" : "10124", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15632", "name" : "win2k-utilitymgr-gain-privileges(15632)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046", "name" : "oval:org.mitre.oval:def:1046", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a \"Shatter\" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0909", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/206468", "name" : "VU#206468", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10125", "name" : "10125", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15678", "name" : "winxp-task-gain-privileges(15678)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1004", "name" : "oval:org.mitre.oval:def:1004", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka \"Windows Management Vulnerability.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0910", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.eeye.com/html/Research/Advisories/AD20040413D.html", "name" : "AD20040413D", "refsource" : "EEYE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html", "name" : "TA04-104A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/122076", "name" : "VU#122076", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html", "name" : "20040413 EEYE: Windows Expand-Down Data Segment Local Privilege Escalation", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml", "name" : "O-114", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/10122", "name" : "10122", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15707", "name" : "win-ldt-gain-privileges(15707)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911", "name" : "oval:org.mitre.oval:def:911", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890", "name" : "oval:org.mitre.oval:def:890", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011", "name" : "MS04-011", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-01T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0913", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8979", "name" : "8979", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=120269", "name" : "http://docs.info.apple.com/article.html?artnum=120269", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13620", "name" : "macos-terminal-gain-access(13620)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow \"unauthorized access.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0914", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/734644", "name" : "VU#734644", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2004/dsa-409", "name" : "DSA-409", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434", "name" : "57434", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt", "name" : "2003-0044", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt", "name" : "CSSA-2003-SCO.33", "refsource" : "SCO", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt", "name" : "CSSA-2004-003.0", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10542", "name" : "10542", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011", "name" : "oval:org.mitre.oval:def:2011", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nixu:namesurfer:suite_3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nixu:namesurfer:standard_3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:current:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0917", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0918", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0919", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0920", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0921", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0922", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0923", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0924", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-426", "name" : "DSA-426", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9442", "name" : "9442", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/487102", "name" : "VU#487102", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-030.html", "name" : "RHSA-2004:030", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml", "name" : "GLSA-200410-02", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-031.html", "name" : "RHSA-2004:031", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc", "name" : "20040201-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011", "name" : "MDKSA-2004:011", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810", "name" : "oval:org.mitre.oval:def:810", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804", "name" : "oval:org.mitre.oval:def:804", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874", "name" : "netpbm-temp-insecure-file(14874)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.7 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0925", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8951", "name" : "8951", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html", "name" : "RHSA-2003:323", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-407", "name" : "DSA-407", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html", "name" : "RHSA-2003:324", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt", "name" : "TLSA-2003-64", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780", "name" : "CLA-2003:780", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114", "name" : "MDKSA-2003:114", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10531", "name" : "10531", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9692", "name" : "oval:org.mitre.oval:def:9692", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0926", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8951", "name" : "8951", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html", "name" : "RHSA-2003:324", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780", "name" : "CLA-2003:780", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-407", "name" : "DSA-407", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html", "name" : "RHSA-2003:323", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt", "name" : "TLSA-2003-64", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114", "name" : "MDKSA-2003:114", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10531", "name" : "10531", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11648", "name" : "oval:org.mitre.oval:def:11648", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0927", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8951", "name" : "8951", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html", "name" : "RHSA-2003:323", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780", "name" : "CLA-2003:780", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2003/dsa-407", "name" : "DSA-407", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html", "name" : "RHSA-2003:324", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt", "name" : "TLSA-2003-64", "refsource" : "TURBO", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114", "name" : "MDKSA-2003:114", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10531", "name" : "10531", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13578", "name" : "ethereal-socks-heap-overflow(13578)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9691", "name" : "oval:org.mitre.oval:def:9691", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0928", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.corsaire.com/advisories/c030807-001.txt", "name" : "http://www.corsaire.com/advisories/c030807-001.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2", "name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.3.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0929", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.corsaire.com/advisories/c030807-001.txt", "name" : "http://www.corsaire.com/advisories/c030807-001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2", "name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.3.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0930", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.corsaire.com/advisories/c030807-001.txt", "name" : "http://www.corsaire.com/advisories/c030807-001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2", "name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.3.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0931", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.corsaire.com/advisories/c031120-001.txt", "name" : "http://www.corsaire.com/advisories/c031120-001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109215951022437&w=2", "name" : "20040810 Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16949", "name" : "sygate-enforcer-payload-dos(16949)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sygate_technologies:enforcer:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0932", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-400", "name" : "DSA-400", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omega-rpg:omega-rpg:0.9.0_pa9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0933", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-398", "name" : "DSA-398", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:conquest:conquest:7.1.1_-6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2008-09-10T19:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0934", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secnap.net/security/031106.html", "name" : "http://www.secnap.net/security/031106.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106850011513880&w=2", "name" : "20031110 Symbol Technologies Default WEP KEYS Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:symbol_technologies:pdt:8100:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0935", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/forum/forum.php?forum_id=308015", "name" : "http://sourceforge.net/forum/forum.php?forum_id=308015", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-335.html", "name" : "RHSA-2003:335", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-023.html", "name" : "RHSA-2004:023", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778", "name" : "CLA-2003:778", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802", "name" : "oval:org.mitre.oval:def:9802", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869", "name" : "oval:org.mitre.oval:def:869", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-01T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0936", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html", "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106875764826251&w=2", "name" : "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106876107330752&w=2", "name" : "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:10.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0937", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.texonet.com/advisories/TEXONET-20031024.txt", "name" : "http://www.texonet.com/advisories/TEXONET-20031024.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt", "name" : "CSSA-2003-SCO.32", "refsource" : "SCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106865297403687&w=2", "name" : "20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the \"as\" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0938", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-1.txt", "name" : "A111703-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13765", "name" : "sapdb-NETAPI32-gain-privileges(13765)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious \"NETAPI32.DLL\" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0939", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-1.txt", "name" : "A111703-1", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.sapdb.org/7.4/new_relinfo.txt", "name" : "http://www.sapdb.org/7.4/new_relinfo.txt", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0940", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0941", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0942", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0943", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0944", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0945", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt", "name" : "A111703-2", "refsource" : "ATSTAKE", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13774", "name" : "sapdb-manager-sessionid-predictable(13774)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.4.03.29", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0946", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=197038", "name" : "http://sourceforge.net/project/shownotes.php?release_id=197038", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106867135830683&w=2", "name" : "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0947", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106867458902521&w=2", "name" : "20031112 iwconfig vulnerability - the last code was demaged sending by email", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:26:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0948", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/exploits/6Y00R1P8KY.html", "name" : "http://www.securiteam.com/exploits/6Y00R1P8KY.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8901", "name" : "8901", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:26:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0949", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2003/dsa-405", "name" : "DSA-405", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9321", "name" : "9321", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14098", "name" : "xsok-command-execution(14098)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xsok 1.02 does not properly drop privileges before finding and executing the \"gunzip\" program, which allows local users to execute arbitrary commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:michael_bischoff:xsok:1.02:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0950", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9041", "name" : "9041", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://xforce.iss.net/xforce/alerts/id/157", "name" : "20031112 IClient Servlet Remote Command Execution Vulnerability", "refsource" : "ISS", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12805", "name" : "peoplesoft-iclientservlet-file-upload(12805)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0951", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0041.html", "name" : "HPSBUX0311-296", "refsource" : "HP", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5146", "name" : "oval:org.mitre.oval:def:5146", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0952", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0953", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0954", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only", "name" : "IY48272", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only", "name" : "IY48747", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY49238&apar=only", "name" : "IY49238", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9078", "name" : "9078", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1008258", "name" : "1008258", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10276/", "name" : "10276", "refsource" : "SECUNIA", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0955", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch", "name" : "20031105 005: RELIABILITY FIX: November 4, 2003", "refsource" : "OPENBSD", "tags" : [ "Patch" ] }, { "url" : "http://www.guninski.com/msuxobsd2.html", "name" : "http://www.guninski.com/msuxobsd2.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html", "name" : "20031104 OpenBSD kernel overflow, yet still *BSD much better than windows", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.openbsd.org/errata33.html", "name" : "20031104 010: RELIABILITY FIX: November 4, 2003", "refsource" : "OPENBSD", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8978", "name" : "8978", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2", "name" : "http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2", "name" : "http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0956", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg", "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42942", "name" : "linux-kernel-odirect-information-disclosure(42942)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0959", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A", "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43072", "name" : "linux-kernel-unspecified-priv-escalation(43072)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0960", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=107003609308765&w=2", "name" : "20031128 [OpenCA Advisory] Vulnerabilities in signature verification", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0961", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-389.html", "name" : "RHSA-2003:389", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-403", "name" : "DSA-403", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://isec.pl/papers/linux_kernel_do_brk.pdf", "name" : "http://isec.pl/papers/linux_kernel_do_brk.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-368.html", "name" : "RHSA-2003:368", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-417", "name" : "DSA-417", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-433", "name" : "DSA-433", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-439", "name" : "DSA-439", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-440", "name" : "DSA-440", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-450", "name" : "DSA-450", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-470", "name" : "DSA-470", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-475", "name" : "DSA-475", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html", "name" : "SuSE-SA:2003:049", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/301156", "name" : "VU#301156", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10328", "name" : "10328", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10329", "name" : "10329", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10330", "name" : "10330", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10333", "name" : "10333", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10338", "name" : "10338", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796", "name" : "CLA-2003:796", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:110", "name" : "MDKSA-2003:110", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2", "name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107064830206816&w=2", "name" : "20031204 Hot fix for do_brk bug", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107064798706473&w=2", "name" : "20031204 [iSEC] Linux kernel do_brk() vulnerability details", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0962", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-398.html", "name" : "RHSA-2003:398", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9153", "name" : "9153", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U", "name" : "20031202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/325603", "name" : "VU#325603", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.osvdb.org/2898", "name" : "2898", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10353", "name" : "10353", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10354", "name" : "10354", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10355", "name" : "10355", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10356", "name" : "10356", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10357", "name" : "10357", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10358", "name" : "10358", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10359", "name" : "10359", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10360", "name" : "10360", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10361", "name" : "10361", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10362", "name" : "10362", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10363", "name" : "10363", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10364", "name" : "10364", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10378", "name" : "10378", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10474", "name" : "10474", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794", "name" : "CLA-2003:794", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:111", "name" : "MDKSA-2003:111", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107055681311602&w=2", "name" : "20031204 rsync security advisory (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107056923528423&w=2", "name" : "20031204 GLSA: exploitable heap overflow in rsync (200312-03)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107055684711629&w=2", "name" : "2003-0048", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107055702911867&w=2", "name" : "20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13899", "name" : "linux-rsync-heap-overflow(13899)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415", "name" : "oval:org.mitre.oval:def:9415", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.5-1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-5:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.2:*:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.1:*:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.4-2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.5-4:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.5:*:professional:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-5:*:ia64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0963", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-404.html", "name" : "RHSA-2003:404", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_051_lftp.html", "name" : "SuSE-SA:2003:051", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-406", "name" : "DSA-406", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U", "name" : "20040101-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-403.html", "name" : "RHSA-2003:403", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:116", "name" : "MDKSA-2003:116", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10525", "name" : "10525", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10548", "name" : "10548", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107167974714484&w=2", "name" : "20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107177409418121&w=2", "name" : "20031218 GLSA: lftp (200312-07)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107340499504411&w=2", "name" : "CLA-2004:800", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107126386226196&w=2", "name" : "20031212 [slackware-security] lftp security update (SSA:2003-346-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107152267121513&w=2", "name" : "20031213 lftp buffer overflows", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180", "name" : "oval:org.mitre.oval:def:11180", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0964", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: N/A. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-11-17T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0965", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html", "name" : "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", "refsource" : "MLIST", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9336", "name" : "9336", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html", "name" : "RHSA-2004:020", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-436", "name" : "DSA-436", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842", "name" : "CLA-2004:842", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013", "name" : "MDKSA-2004:013", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3305", "name" : "3305", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10519", "name" : "10519", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121", "name" : "mailman-admin-xss(14121)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813", "name" : "oval:org.mitre.oval:def:813", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0966", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2004-009.html", "name" : "RHSA-2004:009", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9430", "name" : "9430", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078", "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078", "refsource" : "MISC", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name" : "20040103-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14840", "name" : "elm-frm-subject-bo(14840)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elm_development_group:elm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0967", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-386.html", "name" : "RHSA-2003:386", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", "name" : "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106944220426970", "name" : "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106935911101493&w=2", "name" : "20031120 Remote DoS in FreeRADIUS, all versions.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", "name" : "oval:org.mitre.oval:def:10917", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0968", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106986437621130&w=2", "name" : "20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.9.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0969", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9364", "name" : "9364", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-411", "name" : "DSA-411", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2004_02_tcpdump.html", "name" : "SuSE-SA:2004:002", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3331", "name" : "3331", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14148", "name" : "mpg321-mp3-format-string(14148)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg321:mpg321:0.2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0970", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57430", "name" : "57430", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:sun:sun_fire:b1600:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0971", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html", "name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html", "name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/9115", "name" : "9115", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_048_gpg.html", "name" : "SuSE-SA:2003:048", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-390.html", "name" : "RHSA-2003:390", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-395.html", "name" : "RHSA-2003:395", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-429", "name" : "DSA-429", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/940388", "name" : "VU#940388", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10304", "name" : "10304", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10349", "name" : "10349", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10399", "name" : "10399", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10400", "name" : "10400", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798", "name" : "CLA-2003:798", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109", "name" : "MDKSA-2003:109", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106995769213221&w=2", "name" : "20031127 GnuPG's ElGamal signing keys compromised", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982", "name" : "oval:org.mitre.oval:def:10982", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0972", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-408", "name" : "DSA-408", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://groups.yahoo.com/group/gnu-screen/message/3118", "name" : "http://groups.yahoo.com/group/gnu-screen/message/3118", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000809", "name" : "CLA-2004:809", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:113", "name" : "MDKSA-2003:113", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10539", "name" : "10539", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106995837813873&w=2", "name" : "20031127 GNU screen buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of \";\" (semicolon) characters in escape sequences, which leads to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:screen:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0973", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.modpython.org/pipermail/mod_python/2003-November/004005.html", "name" : "http://www.modpython.org/pipermail/mod_python/2003-November/004005.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.debian.org/security/2004/dsa-452", "name" : "DSA-452", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-058.html", "name" : "RHSA-2004:058", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.fedora.us/show_bug.cgi?id=1325", "name" : "FEDORA-2004-1325", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-063.html", "name" : "RHSA-2004:063", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837", "name" : "CLA-2004:837", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839", "name" : "oval:org.mitre.oval:def:839", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828", "name" : "oval:org.mitre.oval:def:828", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259", "name" : "oval:org.mitre.oval:def:10259", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0974", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9124", "name" : "9124", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt", "name" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107004362416252&w=2", "name" : "20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107031196324376&w=2", "name" : "20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107005523025918&w=2", "name" : "20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:applied_watch_technologies:applied_watch_command_center:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0975", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html", "name" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106917674428552&w=2", "name" : "20031118 Apple Safari 1.1 (v100)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7973", "name" : "mozilla-netscape-steal-cookies(7973)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0976", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13915", "name" : "netware-nfs-share-access(13915)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\\etc\\exports when hostname aliases from sys:etc\\hosts file are used, which could allow users to mount file systems when XNFS should deny the host." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-15T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0977", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", "name" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.debian.org/security/2004/dsa-422", "name" : "DSA-422", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-003.html", "name" : "RHSA-2004:003", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-004.html", "name" : "RHSA-2004:004", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name" : "20040103-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808", "name" : "CLA-2004:808", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112", "name" : "MDKSA-2003:112", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10601", "name" : "10601", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107168035515554&w=2", "name" : "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107540163908129&w=2", "name" : "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929", "name" : "cvs-module-file-manipulation(13929)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866", "name" : "oval:org.mitre.oval:def:866", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855", "name" : "oval:org.mitre.oval:def:855", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528", "name" : "oval:org.mitre.oval:def:11528", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0978", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.s-quadra.com/advisories/Adv-20031203.txt", "name" : "http://www.s-quadra.com/advisories/Adv-20031203.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_048_gpg.html", "name" : "SuSE-SA:2003:048", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107047470625214&w=2", "name" : "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892", "name" : "gnupg-gpgkeyshkp-format-string(13892)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0979", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2", "name" : "20031210 Visitorbook LE Multiple Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0980", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2", "name" : "20031210 Visitorbook LE Multiple Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the \"do\" parameter, (2) via the \"user\" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0981", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt", "refsource" : "MISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2", "name" : "20031210 Visitorbook LE Multiple Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0982", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml", "name" : "20031210 Vulnerability in Authentication Library for ACNS", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9187", "name" : "9187", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/352462", "name" : "VU#352462", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10409", "name" : "10409", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13945", "name" : "cisco-acns-password-bo(13945)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4670:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_2.2_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:content_router_4430:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:content_router_4450:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_2.2_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_3600_series:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_3700_series:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_2.2_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_2.2_.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_2600_series:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0983", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml", "name" : "20031210 Unity Vulnerabilities on IBM-based Servers", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a \"bubba\" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:80-7112-01_for_the_unity-svrx255-2a:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:80-7111-01_for_the_unity-svrx255-1a:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0984", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9154", "name" : "9154", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html", "name" : "RHSA-2004:188", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html", "name" : "SuSE-SA:2003:049", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html", "name" : "ESA-20040105-001", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-417.html", "name" : "RHSA-2003:417", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799", "name" : "CLA-2004:799", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1070", "name" : "DSA-1070", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1067", "name" : "DSA-1067", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1069", "name" : "DSA-1069", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20162", "name" : "20162", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20163", "name" : "20163", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20202", "name" : "20202", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1082", "name" : "DSA-1082", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20338", "name" : "20338", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html", "name" : "FEDORA-2003-046", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:001", "name" : "MDKSA-2004:001", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3317", "name" : "3317", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008594", "name" : "1008594", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10536", "name" : "10536", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10537", "name" : "10537", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10538", "name" : "10538", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10555", "name" : "10555", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10582", "name" : "10582", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10583", "name" : "10583", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10533", "name" : "10533", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2", "name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13943", "name" : "linux-rtc-memory-leak(13943)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406", "name" : "oval:org.mitre.oval:def:9406", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859", "name" : "oval:org.mitre.oval:def:859", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013", "name" : "oval:org.mitre.oval:def:1013", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0985", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2003-417.html", "name" : "RHSA-2003:417", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html", "name" : "ESA-20040105-001", "refsource" : "ENGARDE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9356", "name" : "9356", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://isec.pl/vulnerabilities/isec-0013-mremap.txt", "name" : "http://isec.pl/vulnerabilities/isec-0013-mremap.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24", "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0", "name" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap", "name" : "http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-423", "name" : "DSA-423", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-450", "name" : "DSA-450", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1070", "name" : "DSA-1070", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1067", "name" : "DSA-1067", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1069", "name" : "DSA-1069", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2006/dsa-1082", "name" : "DSA-1082", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-413", "name" : "DSA-413", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-417", "name" : "DSA-417", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-427", "name" : "DSA-427", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-439", "name" : "DSA-439", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-440", "name" : "DSA-440", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-442", "name" : "DSA-442", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-470", "name" : "DSA-470", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.debian.org/security/2004/dsa-475", "name" : "DSA-475", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html", "name" : "SuSE-SA:2004:003", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799", "name" : "CLA-2004:799", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-416.html", "name" : "RHSA-2003:416", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-418.html", "name" : "RHSA-2003:418", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-419.html", "name" : "RHSA-2003:419", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01", "name" : "IMNX-2004-73-001-01", "refsource" : "IMMUNIX", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001", "name" : "MDKSA-2004:001", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U", "name" : "20040102-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html", "name" : "20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/490620", "name" : "VU#490620", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-045.shtml", "name" : "O-045", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3315", "name" : "3315", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10532", "name" : "10532", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20163", "name" : "20163", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20202", "name" : "20202", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20338", "name" : "20338", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107350348418373&w=2", "name" : "20040107 [slackware-security] Kernel security update (SSA:2004-006-01)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107340814409017&w=2", "name" : "20040106 Linux mremap bug correction", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2", "name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107332782121916&w=2", "name" : "20040105 Linux kernel mremap vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107340358402129&w=2", "name" : "20040105 Linux kernel do_mremap() proof-of-concept exploit code", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107332754521495&w=2", "name" : "2004-0001", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867", "name" : "oval:org.mitre.oval:def:867", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860", "name" : "oval:org.mitre.oval:def:860", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14135", "name" : "linux-domremap-gain-privileges(14135)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2018-05-03T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0986", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2004-017.html", "name" : "RHSA-2004:017", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw", "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ", "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9707", "name" : "oval:org.mitre.oval:def:9707", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:pre9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:pre10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 1.7 }, "severity" : "LOW", "exploitabilityScore" : 3.1, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0987", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html", "name" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html", "name" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9571", "name" : "9571", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-600.html", "name" : "RHSA-2004:600", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.trustix.org/errata/2004/0027", "name" : "2004-0027", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml", "name" : "GLSA-200405-22", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1", "name" : "57628", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008920", "name" : "1008920", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643", "name" : "SSA:2004-133", "refsource" : "SLACKWARE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html", "name" : "RHSA-2005:816", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1", "name" : "101555", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1", "name" : "101841", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:046", "name" : "MDKSA-2004:046", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2", "name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15041", "name" : "apache-moddigest-response-replay(15041)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416", "name" : "oval:org.mitre.oval:def:4416", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108", "name" : "oval:org.mitre.oval:def:100108", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.30", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-03T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0988", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kde.org/info/security/advisory-20040114-1.txt", "name" : "http://www.kde.org/info/security/advisory-20040114-1.txt", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-005.html", "name" : "RHSA-2004:005", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9419", "name" : "9419", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810", "name" : "CLA-2004:810", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200404-02.xml", "name" : "GLSA-200404-02", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003", "name" : "MDKSA-2004:003", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-006.html", "name" : "RHSA-2004:006", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/820798", "name" : "VU#820798", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107412130407906&w=2", "name" : "20040114 KDE Security Advisory: VCF file information reader vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865", "name" : "oval:org.mitre.oval:def:865", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858", "name" : "oval:org.mitre.oval:def:858", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14833", "name" : "kde-kdepim-bo(14833)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0989", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.redhat.com/support/errata/RHSA-2004-007.html", "name" : "RHSA-2004:007", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/738518", "name" : "VU#738518", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.debian.org/security/2004/dsa-425", "name" : "DSA-425", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-008.html", "name" : "RHSA-2004:008", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name" : "20040103-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html", "name" : "APPLE-SA-2004-02-23", "refsource" : "APPLE", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html", "name" : "FLSA:1222", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008", "name" : "MDKSA-2004:008", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9507", "name" : "9507", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008716", "name" : "1008716", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10636", "name" : "10636", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10668", "name" : "10668", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10718", "name" : "10718", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt", "name" : "CSSA-2004-008.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/12179/", "name" : "12179", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://lwn.net/Alerts/66805/", "name" : "ESA-20040119-002", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html", "name" : "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10639", "name" : "10639", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11022", "name" : "11022", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html", "name" : "FEDORA-2004-090", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10637", "name" : "10637", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10644", "name" : "10644", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10652", "name" : "10652", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html", "name" : "FEDORA-2004-092", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://lwn.net/Alerts/66445/", "name" : "2004-0004", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11032/", "name" : "11032", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt", "name" : "SCOSA-2004.9", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107577418225627&w=2", "name" : "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852", "name" : "oval:org.mitre.oval:def:852", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847", "name" : "oval:org.mitre.oval:def:847", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599", "name" : "oval:org.mitre.oval:def:10599", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded", "name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0990", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348366", "name" : "20031226 Re: Reported Command Injection in Squirrelmail GPG", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9296", "name" : "9296", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt", "name" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107247236124180&w=2", "name" : "20031224 Bugtraq Security Systems ADV-0001", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079", "name" : "squirrelmail-parseaddress-command-execution(14079)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:squirrelmail:gpg_plugin:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0991", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html", "name" : "[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release", "refsource" : "MLIST", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-436", "name" : "DSA-436", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-019.html", "name" : "RHSA-2004:019", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9620", "name" : "9620", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842", "name" : "CLA-2004:842", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc", "name" : "20040201-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013", "name" : "MDKSA-2004:013", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106", "name" : "mailman-command-handler-dos(15106)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-03T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0992", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", "name" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html", "name" : "RHSA-2004:020", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842", "name" : "CLA-2004:842", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013", "name" : "MDKSA-2004:013", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815", "name" : "oval:org.mitre.oval:def:815", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0993", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.apacheweek.com/features/security-13", "name" : "http://www.apacheweek.com/features/security-13", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9829", "name" : "9829", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23850", "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23850", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml", "name" : "GLSA-200405-22", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046", "name" : "MDKSA-2004:046", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643", "name" : "SSA:2004-133", "refsource" : "SLACKWARE", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1", "name" : "57628", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1", "name" : "101555", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1", "name" : "101841", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.trustix.org/errata/2004/0027", "name" : "2004-0027", "refsource" : "TRUSTIX", "tags" : [ ] }, { "url" : "http://marc.info/?l=apache-cvs&m=107869603013722", "name" : "[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2", "name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670", "name" : "oval:org.mitre.oval:def:4670", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111", "name" : "oval:org.mitre.oval:def:100111", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15422", "name" : "apache-modaccess-obtain-information(15422)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2021-06-06T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0994", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt", "name" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html", "name" : "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3428", "name" : "3428", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107393473928245&w=2", "name" : "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-03T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0995", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13131", "name" : "win2k-message-queue-bo(13131)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039", "name" : "MS03-039", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0996", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.ca.com/techbases/rp/urc6x-secnote.html", "name" : "http://support.ca.com/techbases/rp/urc6x-secnote.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secunia.com/advisories/10420/", "name" : "10420", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown \"System Security Vulnerability\" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_host:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2021-04-13T20:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0997", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.ca.com/techbases/rp/urc6x-secnote.html", "name" : "http://support.ca.com/techbases/rp/urc6x-secnote.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secunia.com/advisories/10420/", "name" : "10420", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown \"Denial of Service Attack\" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_host:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2021-04-13T20:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0998", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.ca.com/techbases/rp/urc5x-secnote.html", "name" : "http://support.ca.com/techbases/rp/urc5x-secnote.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secunia.com/advisories/10420/", "name" : "10420", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown \"potential system security vulnerability\" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_option:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ca:unicenter_remote_control_option:5.1:*:*:de:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ca:controlit:5.0:*:advanced:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ca:controlit:5.0:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ca:controlit:5.1:*:enterprise:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_option:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2021-04-13T20:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-0999", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57451", "name" : "57451", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4098", "name" : "oval:org.mitre.oval:def:4098", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html", "name" : "http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107152093419276&w=2", "name" : "20031214 GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xchat:xchat:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2016-10-18T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1001", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml", "name" : "20031215 Cisco FWSM Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:5.4\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:7.6\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1002", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml", "name" : "20031215 Cisco FWSM Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:7.6\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:catos:5.4\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1003", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml", "name" : "20031215 Cisco PIX Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1004", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml", "name" : "20031215 Cisco PIX Vulnerabilities", "refsource" : "CISCO", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1005", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html", "name" : "APPLE-SA-2003-12-19", "refsource" : "APPLE", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3704", "name" : "ESB-2003.0867", "refsource" : "AUSCERT", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10474/", "name" : "10474", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/9266", "name" : "9266", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1006", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/347578", "name" : "20031215 Buffer overflow/privilege escalation in MacOS X", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9228", "name" : "9228", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/878526", "name" : "VU#878526", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/archive/1/347707", "name" : "20031216 Re: Buffer overflow/privilege escalation in MacOS X", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/348097", "name" : "20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13995", "name" : "macos-cd9660-bo(13995)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1007", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9264", "name" : "9264", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008532", "name" : "1008532", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14051", "name" : "applefileserver-dos(14051)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1008", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14195", "name" : "macos-screen-saver-bypass(14195)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1009", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9110", "name" : "9110", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.carrel.org/dhcp-vuln.html", "name" : "http://www.carrel.org/dhcp-vuln.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://docs.info.apple.com/article.html?artnum=32478", "name" : "http://docs.info.apple.com/article.html?artnum=32478", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13874", "name" : "macos-dhcp-gain-privileges(13874)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1010", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9265", "name" : "9265", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14193", "name" : "macos-fsusage-gain-privileges(14193)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1011", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://docs.info.apple.com/article.html?artnum=61798", "name" : "http://docs.info.apple.com/article.html?artnum=61798", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8945", "name" : "8945", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343087", "name" : "20031031 Console Root On OSX up to 10.2.8", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13573", "name" : "macos-ctrlc-gain-access(13573)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1012", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-407", "name" : "DSA-407", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-001.html", "name" : "RHSA-2004:001", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-002.html", "name" : "RHSA-2004:002", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name" : "20040103-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801", "name" : "CLA-2004:801", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002", "name" : "MDKSA-2004:002", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10531", "name" : "10531", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10568", "name" : "10568", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10570", "name" : "10570", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856", "name" : "oval:org.mitre.oval:def:856", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202", "name" : "oval:org.mitre.oval:def:10202", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1013", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html", "name" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-001.html", "name" : "RHSA-2004:001", "refsource" : "REDHAT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2003/dsa-407", "name" : "DSA-407", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-002.html", "name" : "RHSA-2004:002", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name" : "20040103-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801", "name" : "CLA-2004:801", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002", "name" : "MDKSA-2004:002", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10531", "name" : "10531", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10568", "name" : "10568", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10570", "name" : "10570", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A857", "name" : "oval:org.mitre.oval:def:857", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10097", "name" : "oval:org.mitre.oval:def:10097", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1014", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109517732328759&w=2", "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17333", "name" : "mime-field-filtering-bypass(17333)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1015", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109525252118936&w=2", "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9273", "name" : "mime-tools-incorrect-concatenation(9273)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1016", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109521027007616&w=2", "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field quoting issue", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17336", "name" : "mime-quote-filtering-bypass(17336)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-10-20T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1017", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html", "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8900", "name" : "8900", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14013", "name" : "flash-file-predictable-location(14013)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:director:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1018", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9254", "name" : "9254", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-20", "name" : "MSS-OAR-E01-20", "refsource" : "IBM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14037", "name" : "aix-enq-format-string(14037)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1020", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/347218", "name" : "20031211 irssi - potential remote crash", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:117", "name" : "MDKSA-2003:117", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13973", "name" : "irssi-dos(13973)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-05T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1021", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt", "name" : "SCOSA-2005.5", "refsource" : "SCO", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/972598", "name" : "VU#972598", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/12372", "name" : "12372", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/14012/", "name" : "14012", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19479", "name" : "openserver-scosession-gain-privilege(19479)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2005-01-26T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1022", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-416", "name" : "DSA-416", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9377", "name" : "9377", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-048.shtml", "name" : "O-048", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3346", "name" : "3346", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14154", "name" : "fspsuite-dot-directory-traversal(14154)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:debian:fsp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.81.b18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-10-10T01:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1023", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8658", "name" : "8658", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200403-09.xml", "name" : "GLSA-200403-09", "refsource" : "GENTOO", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.debian.org/security/2004/dsa-424", "name" : "DSA-424", "refsource" : "DEBIAN", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2004-034.html", "name" : "RHSA-2004:034", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://rhn.redhat.com/errata/RHSA-2004-035.html", "name" : "RHSA-2004:035", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc", "name" : "20040201-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833", "name" : "CLA-2004:833", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html", "name" : "20030919 uninitialized buffer in midnight commander", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt", "name" : "CSSA-2004-014.0", "refsource" : "CALDERA", "tags" : [ ] }, { "url" : "http://fedoranews.org/updates/FEDORA-2004-058.shtml", "name" : "FEDORA-2004-058", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html", "name" : "FLSA:1224", "refsource" : "FEDORA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:007", "name" : "MDKSA-2004:007", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name" : "20040202-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10645", "name" : "10645", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10685", "name" : "10685", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10716", "name" : "10716", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10772", "name" : "10772", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10823", "name" : "10823", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11219", "name" : "11219", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11262", "name" : "11262", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11268", "name" : "11268", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9833", "name" : "9833", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11296", "name" : "11296", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108118433222764&w=2", "name" : "20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13247", "name" : "midnight-commander-vfssresolvesymlink-bo(13247)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822", "name" : "oval:org.mitre.oval:def:822", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.5.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.5.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1024", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57455", "name" : "57455", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9280", "name" : "9280", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/281356", "name" : "VU#281356", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/10486", "name" : "10486", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14065", "name" : "solaris-lsf-gain-privileges(14065)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1528", "name" : "oval:org.mitre.oval:def:1528", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1025", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/346948", "name" : "20031209 Internet Explorer URL parsing vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.zapthedingbat.com/security/ex01/vun1.htm", "name" : "http://www.zapthedingbat.com/security/ex01/vun1.htm", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/652278", "name" : "VU#652278", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html", "name" : "TA04-033A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13935", "name" : "ie-domain-url-spoofing(13935)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526", "name" : "oval:org.mitre.oval:def:526", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513", "name" : "oval:org.mitre.oval:def:513", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512", "name" : "oval:org.mitre.oval:def:512", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511", "name" : "oval:org.mitre.oval:def:511", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510", "name" : "oval:org.mitre.oval:def:510", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491", "name" : "oval:org.mitre.oval:def:491", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490", "name" : "oval:org.mitre.oval:def:490", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004", "name" : "MS04-004", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a \"%01\" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the \"Improper URL Canonicalization Vulnerability.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1026", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/784102", "name" : "VU#784102", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html", "name" : "TA04-033A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2", "name" : "20031201 Comments on 5 IE vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106979349517578&w=2", "name" : "20031125 BackToFramedJpu - a successor of BackToJpu attack", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846", "name" : "ie-subframe-xss(13846)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805", "name" : "oval:org.mitre.oval:def:805", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774", "name" : "oval:org.mitre.oval:def:774", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745", "name" : "oval:org.mitre.oval:def:745", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689", "name" : "oval:org.mitre.oval:def:689", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687", "name" : "oval:org.mitre.oval:def:687", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643", "name" : "oval:org.mitre.oval:def:643", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630", "name" : "oval:org.mitre.oval:def:630", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004", "name" : "MS04-004", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1027", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/413886", "name" : "VU#413886", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html", "name" : "TA04-033A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securitytracker.com/id?1006036", "name" : "1006036", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2", "name" : "20031201 Comments on 5 IE vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106979479719446&w=2", "name" : "20031125 HijackClickV2 - a successor of HijackClick attack", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844", "name" : "ie-method-perform-actions(13844)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629", "name" : "oval:org.mitre.oval:def:629", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534", "name" : "oval:org.mitre.oval:def:534", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532", "name" : "oval:org.mitre.oval:def:532", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531", "name" : "oval:org.mitre.oval:def:531", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530", "name" : "oval:org.mitre.oval:def:530", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529", "name" : "oval:org.mitre.oval:def:529", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527", "name" : "oval:org.mitre.oval:def:527", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004", "name" : "MS04-004", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1028", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008", "name" : "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7890", "name" : "7890", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106979428718705&w=2", "name" : "20031125 Note for \"Invalid ContentType may disclose cache directory\"", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106979624321665&w=2", "name" : "20031125 Invalid ContentType may disclose cache directory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2", "name" : "20031201 Comments on 5 IE vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847", "name" : "ie-download-directory-disclosure(13847)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-01-20T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1029", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.debian.org/security/2004/dsa-425", "name" : "DSA-425", "refsource" : "DEBIAN", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008", "name" : "MDKSA-2004:008", "refsource" : "MANDRAKE", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008748", "name" : "1008748", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10652", "name" : "10652", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://lwn.net/Alerts/66805/", "name" : "ESA-20040119-002", "refsource" : "ENGARDE", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10668", "name" : "10668", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10636", "name" : "10636", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10718", "name" : "10718", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107213553214985&w=2", "name" : "20031221 Re: Remote crash in tcpdump from OpenBSD", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2", "name" : "[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107193841728533&w=2", "name" : "20031220 Remote crash in tcpdump from OpenBSD", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded", "name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1030", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9213", "name" : "9213", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/909678", "name" : "VU#909678", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://sh0dan.org/files/dwmrcs372.txt", "name" : "http://sh0dan.org/files/dwmrcs372.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107187110617266&w=2", "name" : "20031219 [Exploit]: DameWare Mini Remote Control Server Overflow Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107152094119279&w=2", "name" : "20031214 DameWare Mini Remote Control Server <= 3.72 Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107392603615840&w=2", "name" : "20040110 DameWare Mini Remote Control < v3.73 remote exploit by kralor]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14001", "name" : "dameware-spoof-packet-bo(14001)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.70_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.71_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.72_.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1031", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html", "name" : "20030808 VBulletin New Member XSS Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) \"Interests-Hobbies\", (2) \"Biography\", or (3) \"Occupation.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1032", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7787", "name" : "7787", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1006913", "name" : "1006913", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105484265218325&w=2", "name" : "20030605 Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105465813729100&w=2", "name" : "20030602 Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the \"Name\" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pi3:pi3web:2.0.2_beta_1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-17T05:00Z", "lastModifiedDate" : "2016-12-20T02:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1033", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7407", "name" : "7407", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://listserv.sap.com/pipermail/sapdb.sources/2003-April/000143.html", "name" : "[SAP DB Dev] 20030422 Security Alert: Development Tools", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7408", "name" : "7408", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=105103613727471&w=2", "name" : "20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11842", "name" : "sap-db-gain-privileges(11842)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1034", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7242", "name" : "7242", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104914778303805&w=2", "name" : "20030331 SRT2003-03-31-1219 - SAP world writable server binaries", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11669", "name" : "sap-db-world-writable(11669)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1035", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7007", "name" : "7007", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html", "name" : "20030304 SAP R/3, account locking and RFC SDK", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11487", "name" : "sap-sapinfo-lockout-bypass(11487)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/451378/100/0/threaded", "name" : "20061112 Old SAP exploits", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sapgui:4.6d:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sap_r_3:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:sapgui:4.6c:*:windows:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1036", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14186", "name" : "sap-multiple-bo(14186)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.6_pl463", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.10_pl30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.20_pl7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1037", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1009453", "name" : "1009453", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15514", "name" : "sap-wgate-format-string(15514)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high \"trace level.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.10_pl30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.20_pl7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.6_pl463", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1038", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15516", "name" : "sap-agate-path-disclosure(15516)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.6_pl463", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.10_pl30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.20_pl7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1039", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15513", "name" : "mysap-host-header-bo(15513)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sap:mysap_business_suite:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1040", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc", "name" : "20040204-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html", "name" : "SuSE-SA:2003:049", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-065.html", "name" : "RHSA-2004:065", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-069.html", "name" : "RHSA-2004:069", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-106.html", "name" : "RHSA-2004:106", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html", "name" : "RHSA-2004:188", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820", "name" : "CLSA-2004:820", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15577", "name" : "linux-kmod-signals-dos(15577)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9423", "name" : "oval:org.mitre.oval:def:9423", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c", "name" : "http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c", "refsource" : "CONFIRM", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-04-15T04:00Z", "lastModifiedDate" : "2018-08-13T21:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1041", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348521", "name" : "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9320", "name" : "9320", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-196A.html", "name" : "TA04-196A", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/187196", "name" : "VU#187196", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105", "name" : "ie-showhelp-directory-traversal(14105)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956", "name" : "oval:org.mitre.oval:def:956", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514", "name" : "oval:org.mitre.oval:def:3514", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943", "name" : "oval:org.mitre.oval:def:1943", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186", "name" : "oval:org.mitre.oval:def:1186", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023", "name" : "MS04-023", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-06-14T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1042", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8953", "name" : "8953", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774", "name" : "CLA-2003:774", "refsource" : "CONECTIVA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343185", "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13594", "name" : "bugzilla-productname-sql-injection(13594)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1043", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8953", "name" : "8953", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774", "name" : "CLA-2003:774", "refsource" : "CONECTIVA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343185", "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13596", "name" : "bugzilla-url-sql-injection(13596)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1044", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8953", "name" : "8953", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343185", "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219690", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219690", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774", "name" : "CLA-2003:774", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13597", "name" : "bugzilla-groupid-gain-privileges(13597)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1045", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8953", "name" : "8953", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343185", "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774", "name" : "CLA-2003:774", "refsource" : "CONECTIVA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600", "name" : "bugzilla-obtain-information(13600)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1046", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8953", "name" : "8953", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/343185", "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209742", "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209742", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13602", "name" : "bugzilla-describecomponents-obtain-info(13602)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-08-18T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1047", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0540. Reason: This candidate is a duplicate of CVE-2004-0540. Notes: All CVE users should reference CVE-2004-0540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2004-08-06T04:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1048", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8530", "name" : "8530", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/685364", "name" : "VU#685364", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html", "name" : "20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html", "name" : "20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html", "name" : "20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.us-cert.gov/cas/techalerts/TA04-212A.html", "name" : "TA04-212A", "refsource" : "CERT", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-191.shtml", "name" : "O-191", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16804", "name" : "ie-mshtml-gif-bo(16804)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517", "name" : "oval:org.mitre.oval:def:517", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509", "name" : "oval:org.mitre.oval:def:509", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236", "name" : "oval:org.mitre.oval:def:236", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212", "name" : "oval:org.mitre.oval:def:212", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100", "name" : "oval:org.mitre.oval:def:2100", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206", "name" : "oval:org.mitre.oval:def:206", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793", "name" : "oval:org.mitre.oval:def:1793", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025", "name" : "MS04-025", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-07-27T04:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1049", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only", "name" : "IY44841", "refsource" : "AIXAPAR", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9243", "name" : "9243", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only", "name" : "IY44842", "refsource" : "AIXAPAR", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14030", "name" : "db2-dms-insecure-permissions(14030)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1050", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343804", "name" : "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8990", "name" : "8990", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633", "name" : "db2-multiple-binaries-bo(13633)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1051", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343804", "name" : "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8989", "name" : "8989", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "name" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633", "name" : "db2-multiple-binaries-bo(13633)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1052", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/331904", "name" : "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8346", "name" : "8346", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826", "name" : "ibm-db2-gain-privileges(12826)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.2:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-09-28T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1053", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html", "name" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8770", "name" : "8770", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8776", "name" : "8776", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9950", "name" : "9950", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13359", "name" : "xshisen-xshisenlib-bo(13359)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13358", "name" : "xshisen-kconv-bo(13358)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xshisen:xshisen:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-03T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1054", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html", "name" : "20030416 [VulnWatch] Apache mod_access_referer denial of service issue", "refsource" : "FULLDISC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sourceforge.net/project/shownotes.php?release_id=151905", "name" : "http://sourceforge.net/project/shownotes.php?release_id=151905", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html", "name" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7375", "name" : "7375", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8612", "name" : "8612", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_access_referer:mod_access_referer:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-16T04:00Z", "lastModifiedDate" : "2008-09-05T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1055", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1", "name" : "52222", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3224", "name" : "ESB-2003.0461", "refsource" : "AUSCERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-113.shtml", "name" : "N-113", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7064", "name" : "7064", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id?1006401", "name" : "1006401", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11641", "name" : "solaris-nssldapso1-bo(11641)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-03T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1056", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57443-1", "name" : "57443", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3688", "name" : "ESB-2003.0851", "refsource" : "AUSCERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10411", "name" : "10411", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9199", "name" : "9199", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2955", "name" : "2955", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13952", "name" : "solaris-ed1-tmpfile-insecure(13952)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-11T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1057", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57441-1", "name" : "57441", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3675", "name" : "ESB-2003.0844", "refsource" : "AUSCERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-035.shtml", "name" : "O-035", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10384", "name" : "10384", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2924", "name" : "2924", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9170", "name" : "9170", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13914", "name" : "cde-dtprintinfo-gain-privileges(13914)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-08T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1058", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57419-1", "name" : "57419", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-033.shtml", "name" : "O-033", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2892", "name" : "2892", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10346", "name" : "10346", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9147", "name" : "9147", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13890", "name" : "solaris-xsun-gain-privileges(13890)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.7 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-03T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1059", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57360-1", "name" : "57360", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-029.shtml", "name" : "O-029", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9076", "name" : "9076", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2839", "name" : "2839", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10267", "name" : "10267", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13792", "name" : "solaris-pgx32-gain-privileges(13792)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-20T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1060", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1", "name" : "57406", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8929", "name" : "8929", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547", "name" : "solaris-nfs-ufs-dos(13547)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1061", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57080-1", "name" : "57080", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8836", "name" : "8836", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13434", "name" : "solaris-race-dos(13434)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-14T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1062", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57340-1", "name" : "57340", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8831", "name" : "8831", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10006/", "name" : "10006", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13435", "name" : "solaris-sysinfo-read-memory(13435)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-15T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1063", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1", "name" : "56300", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-134.shtml", "name" : "N-134", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8461", "name" : "8461", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12942", "name" : "solaris-cachefs-inetdconf-overwrite(12942)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-20T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1064", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55301-1", "name" : "55301", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/370060", "name" : "VU#370060", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8250", "name" : "8250", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12680", "name" : "solaris-ipv6-packet-dos(12680)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-23T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1065", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55340-1", "name" : "55340", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8253", "name" : "8253", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19441", "name" : "openssh-ldap-dos(19441)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19437", "name" : "automountd-dos(19437)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-07-23T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1066", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324015", "name" : "20030604 Solaris syslogd overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55440-1", "name" : "55440", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7820", "name" : "7820", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8944/", "name" : "8944", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12194", "name" : "sun-syslogd-bo(12194)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1067", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55420-1", "name" : "55420", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-108.shtml", "name" : "N-108", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7991", "name" : "7991", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9088/", "name" : "9088", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/64758", "name" : "64758", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12379", "name" : "sun-database-functions-bo(12379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-19T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1068", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55260-1", "name" : "55260", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8957/", "name" : "8957", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-105.shtml", "name" : "N-105", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7835", "name" : "7835", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11083", "name" : "solaris-utmp-update-bo(11083)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-06T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1", "name" : "54181", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7794", "name" : "7794", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8935/", "name" : "8935", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140", "name" : "sun-intelnetd-dos(12140)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-03T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50922-1", "name" : "50922", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7455", "name" : "7455", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8685/", "name" : "8685", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11906", "name" : "sun-rpcbind-dos(11906)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-28T04:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305105", "name" : "20030103 Solaris 2.x /usr/sbin/wall Advisory", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51980-1", "name" : "51980", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/944241", "name" : "VU#944241", "refsource" : "CERT-VN", "tags" : [ "Exploit", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/7825/", "name" : "7825", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6509", "name" : "6509", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005882", "name" : "1005882", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006682", "name" : "1006682", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11608", "name" : "solaris-wall-message-spoofing(11608)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-03T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54100-1", "name" : "54100", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8686/", "name" : "8686", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7454", "name" : "7454", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11895", "name" : "sun-lofiadm-dos(11895)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-04-28T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1", "name" : "50161", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/7960/", "name" : "7960", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/308577", "name" : "20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html", "name" : "20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://isec.pl/vulnerabilities/isec-0008-sun-at.txt", "name" : "http://isec.pl/vulnerabilities/isec-0008-sun-at.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-070.shtml", "name" : "N-070", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6692", "name" : "6692", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6693", "name" : "6693", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005994", "name" : "1005994", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11180", "name" : "solaris-at-race-condition(11180)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11179", "name" : "solaris-at-directory-traversal(11179)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1074", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52111-1", "name" : "52111", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-069.shtml", "name" : "N-069", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8454/", "name" : "8454", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7252", "name" : "7252", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006411", "name" : "1006411", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11657", "name" : "solaris-newtask-root-access(11657)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-28T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1075", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50240-1", "name" : "50240", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/7968/", "name" : "7968", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6709", "name" : "6709", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005996", "name" : "1005996", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11186", "name" : "solaris-ftpd-dos(11186)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-01-27T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1076", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50904-1", "name" : "50904", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-050.shtml", "name" : "N-050", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8235/", "name" : "8235", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7033", "name" : "7033", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006234", "name" : "1006234", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11496", "name" : "solaris-sendmail-forward-privileges(11496)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1077", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1", "name" : "51300", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8234/", "name" : "8234", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7032", "name" : "7032", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006233", "name" : "1006233", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481", "name" : "solaris-ufs-logging-dos(11481)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-05T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1078", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51081-1", "name" : "51081", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8186/", "name" : "8186", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6989", "name" : "6989", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006195", "name" : "1006195", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11436", "name" : "solaris-ftp-plaintext-password(11436)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-28T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1079", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1", "name" : "50626", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8092/", "name" : "8092", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6883", "name" : "6883", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006131", "name" : "1006131", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368", "name" : "solaris-udp-rpc-dos(11368)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-18T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1080", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50751-1", "name" : "50751", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8058/", "name" : "8058", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6838", "name" : "6838", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006084", "name" : "1006084", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11303", "name" : "solaris-mail-unauthorized-access(11303)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-11T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1081", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46903-1", "name" : "46903", "refsource" : "SUNALERT", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.auscert.org.au/render.html?it=3411&cid=1", "name" : "ESB-2003.0621", "refsource" : "AUSCERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/464817", "name" : "VU#464817", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-001.shtml", "name" : "O-001", "refsource" : "CIAC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/5698", "name" : "5698", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10105", "name" : "solaris-aspppls-tmpfile-symlink(10105)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-09-09T04:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1082", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50008-1", "name" : "50008", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/596748", "name" : "VU#596748", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-105.shtml", "name" : "N-105", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6639", "name" : "6639", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7892", "name" : "7892", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005935", "name" : "1005935", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11083", "name" : "solaris-utmp-update-bo(11083)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1083", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/345417", "name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt", "name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml", "name" : "GLSA-200403-14", "refsource" : "GENTOO", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/623854", "name" : "VU#623854", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9099", "name" : "9099", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/10280", "name" : "10280", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13817", "name" : "monit-http-bo(13817)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1084", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/345417", "name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt", "name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml", "name" : "GLSA-200403-14", "refsource" : "GENTOO", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/206382", "name" : "VU#206382", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9098", "name" : "9098", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10280", "name" : "10280", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13818", "name" : "monit-negative-content-dos(13818)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-24T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1085", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/345414", "name" : "20031123 Thomnson TCM315 Denial of service", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.shellsec.net/leer_advisory.php?id=2", "name" : "http://www.shellsec.net/leer_advisory.php?id=2", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html", "name" : "20031123 Thomnson TCM315 Denial of service", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html", "name" : "20031124 Thomnson TCM315 Denial of service", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9091", "name" : "9091", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10286", "name" : "10286", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/14353", "name" : "14353", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "http://marc.info/?l=bugtraq&m=110888093214678&w=2", "name" : "20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=full-disclosure&m=110880725322192&w=2", "name" : "20050219 Thomson TCW690 Denial Of Service Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13815", "name" : "thomson-http-get-dos(13815)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:thomson:tcm_cable_modem:305:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:thomson:tcm_cable_modem:315:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:thomson:tcw_cable_modem:690:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:thomson:tcw_cable_modem:690_st42.03.0a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1086", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C", "name" : "http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105638414205498&w=2", "name" : "20030623 pMachine (PHP) : Include() Security Hole", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_pro:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_pro:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_free:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-17T04:00Z", "lastModifiedDate" : "2016-10-18T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1087", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7827", "name" : "7827", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8971", "name" : "8971", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=109292319608851&w=2", "name" : "SSRT3460", "refsource" : "HP", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12199", "name" : "hp-diagmond-dos(12199)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1088", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://securitytracker.com/id?1013365", "name" : "1013365", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8388", "name" : "8388", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9497", "name" : "9497", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2", "name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867", "name" : "zorum-index-xss(12867)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-11T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1089", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://securitytracker.com/id?1013365", "name" : "1013365", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8396", "name" : "8396", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2", "name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12868", "name" : "zorum-index-path-disclosure(12868)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1090", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/666073", "name" : "VU#666073", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6785", "name" : "6785", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/16024", "name" : "16024", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104454984001076&w=2", "name" : "20030206 AbsoluteTelnet 2.00 buffer overflow.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11265", "name" : "absolutetelnet-title-bar-bo(11265)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-06T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1091", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0245.html", "name" : "20030522 QuickTime/Darwin Streaming Server security issues", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.kb.cert.org/vuls/id/148564", "name" : "VU#148564", "refsource" : "CERT-VN", "tags" : [ "US Government Resource", "Third Party Advisory" ] }, { "url" : "http://securitytracker.com/id?1006822", "name" : "1006822", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7660", "name" : "7660", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12054", "name" : "darwin-mp3broadcaster-code-execution(12054)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_broadcaster:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1092", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313847", "name" : "OpenPKG-SA-2003.017", "refsource" : "OPENPKG", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/100937", "name" : "VU#100937", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7009", "name" : "7009", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488", "name" : "file-afctr-memory-allocation(11488)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.40:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1093", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/331937", "name" : "VU#331937", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6586", "name" : "6586", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11057", "name" : "weblogic-error-password-disclosure(11057)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1094", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/999788", "name" : "VU#999788", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8320", "name" : "8320", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12799", "name" : "weblogic-gain-privileges(12799)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1095", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp", "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/691153", "name" : "VU#691153", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7130", "name" : "7130", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11555", "name" : "weblogic-app-reauthentication-bypass(11555)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using \"memory\" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1096", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml", "name" : "20030803 Dictionary Attack on Cisco LEAP Vulnerability", "refsource" : "CISCO", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/340365", "name" : "20031006 Weaknesses in LEAP Challenge/Response", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/340119", "name" : "20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/473108", "name" : "VU#473108", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8755", "name" : "8755", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/15209", "name" : "15209", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=108135227731965&w=2", "name" : "20040407 Release of Cisco Attack tool Asleap", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12804", "name" : "cisco-leap-dictionary(12804)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:leap:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1097", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0374.html", "name" : "20030429 HPUX rexec buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.kb.cert.org/vuls/id/CRDY-5MJKM4", "name" : "HPSBUX0304-257", "refsource" : "HP", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/322540", "name" : "VU#322540", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-088.shtml", "name" : "N-088", "refsource" : "CIAC", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7459", "name" : "7459", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11890", "name" : "hp-rexec-command-bo(11890)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5611", "name" : "oval:org.mitre.oval:def:5611", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1098", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/IAFY-5HVQDJ", "name" : "HPSBUX0301-238", "refsource" : "HP", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/862401", "name" : "VU#862401", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6638", "name" : "6638", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securitytracker.com/id?1005936", "name" : "1005936", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11094", "name" : "hp-xserver-gain-privileges(11094)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5765", "name" : "oval:org.mitre.oval:def:5765", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1099", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/CRDY-5VFQA3", "name" : "HPSBUX0312-304", "refsource" : "HP", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/509454", "name" : "VU#509454", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-032.shtml", "name" : "O-032", "refsource" : "CIAC", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/9141", "name" : "9141", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10339", "name" : "10339", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13882", "name" : "hp-shar-tmpfile-symlink(13882)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788", "name" : "oval:org.mitre.oval:def:5788", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1100", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.procheckup.com/security_info/vuln_pr0305.html", "name" : "http://www.procheckup.com/security_info/vuln_pr0305.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/488684", "name" : "VU#488684", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8815", "name" : "8815", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9985", "name" : "9985", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13399", "name" : "hummingbird-docsfusionserver-multiple-xss(13399)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1101", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.procheckup.com/security_info/vuln_pr0303.html", "name" : "http://www.procheckup.com/security_info/vuln_pr0303.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/715548", "name" : "VU#715548", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8816", "name" : "8816", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9985", "name" : "9985", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13398", "name" : "Hummingbird-docsfusionserver-disclose-path(13398)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1102", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.procheckup.com/security_info/vuln_pr0302.html", "name" : "http://www.procheckup.com/security_info/vuln_pr0302.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/989580", "name" : "VU#989580", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9985", "name" : "9985", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13397", "name" : "Hummingbird-docsfusionserver-file-access(13397)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1103", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.procheckup.com/security_info/vuln_pr0304.html", "name" : "http://www.procheckup.com/security_info/vuln_pr0304.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/368300", "name" : "VU#368300", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/8800", "name" : "8800", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9985", "name" : "9985", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13401", "name" : "hummingbird-docsfusionserver-sql-injection(13401)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1104", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0307.html", "name" : "20030320 IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/210937", "name" : "VU#210937", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7154", "name" : "7154", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8349", "name" : "8349", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11584", "name" : "tivoli-tfst-relay-bo(11584)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_firewall_toolbox:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1105", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/813208", "name" : "VU#813208", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029", "name" : "ie-input-type-dos(13029)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032", "name" : "MS03-032", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1106", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.microsoft.com/default.aspx?kbid=330716", "name" : "330716", "refsource" : "MSKB", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/155252", "name" : "VU#155252", "refsource" : "CERT-VN", "tags" : [ "US Government Resource", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8195", "name" : "8195", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1107", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.microsoft.com/default.aspx?scid=kb;en-us;828026", "name" : "828026", "refsource" : "MSKB", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/222044", "name" : "VU#222044", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13375", "name" : "mediaplayer-dhtml-code-execution(13375)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1108", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831", "name" : "oval:org.mitre.oval:def:5831", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alcatel-lucent:omnipcx:5.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1109", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml", "name" : "20030221 Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite", "refsource" : "CISCO", "tags" : [ "Patch" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securitytracker.com/id?1006143", "name" : "1006143", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006144", "name" : "1006144", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006145", "name" : "1006145", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xn:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)t4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xf:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xg:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1110", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html", "name" : "http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1006167", "name" : "1006167", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:columbia_university:sipc:1.74:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1111", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php", "name" : "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dynamicsoft:appengine:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1112", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1113", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.iptel.org/ser/security/", "name" : "http://www.iptel.org/ser/security/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:iptel:sip_express_router:0.8.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:iptel:sip_express_router:0.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1114", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1115", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.cert.org/advisories/CA-2003-06.html", "name" : "CA-2003-06", "refsource" : "CERT", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/528719", "name" : "VU#528719", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/6904", "name" : "6904", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379", "name" : "sip-invite(11379)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:compact:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1116", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm", "name" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/168873", "name" : "VU#168873", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1006550", "name" : "1006550", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7325", "name" : "7325", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105012832418415&w=2", "name" : "20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11768", "name" : "oracle-rra-authentication-bypass(11768)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:10.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1117", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://service.real.com/help/faq/security/bufferoverflow.html", "name" : "http://service.real.com/help/faq/security/bufferoverflow.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/143627", "name" : "VU#143627", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/912219", "name" : "VU#912219", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1003604", "name" : "1003604", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11362", "name" : "realsystem-malformed-url-bo(11362)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_proxy:8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1118", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004383.html", "name" : "20030406 Seti@home information leakage and remote compromise", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/146785", "name" : "VU#146785", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7292", "name" : "7292", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11731", "name" : "seti@home-newline-bo(11731)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \\n (newline) character." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1119", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ssh.com/company/newsroom/article/476/", "name" : "http://www.ssh.com/company/newsroom/article/476/", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/333980", "name" : "VU#333980", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssh:secure_shell:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssh:secure_shell:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1120", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ssh.com/company/newsroom/article/520/", "name" : "http://www.ssh.com/company/newsroom/article/520/", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/814198", "name" : "VU#814198", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9956", "name" : "9956", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/alerts/2004/Mar/1009532.html", "name" : "1009532", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/11193", "name" : "11193", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=4491", "name" : "4491", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585", "name" : "sshtectiaserver-passwdplugin-race-condition(15585)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.7 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1121", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQRP", "name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQRP", "refsource" : "CONFIRM", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQSV", "name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQSV", "refsource" : "CONFIRM", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/609137", "name" : "VU#609137", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/231705", "name" : "VU#231705", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7475", "name" : "7475", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7477", "name" : "7477", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11921", "name" : "scriptlogic-runadmin-admin-access(11921)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11920", "name" : "scriptlogic-rpc-modify-registry(11920)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:scriptlogic:scriptlogic:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1122", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQT9", "name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQT9", "refsource" : "MISC", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/813737", "name" : "VU#813737", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7476", "name" : "7476", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11922", "name" : "scriptlogic-logs$-insecure-permissions(11922)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:scriptlogic:scriptlogic:4.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1123", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55100-1", "name" : "55100", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/393292", "name" : "VU#393292", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://securitytracker.com/id?1006935", "name" : "1006935", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7824", "name" : "7824", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/8958", "name" : "8958", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12189", "name" : "sun-applet-access-information(12189)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_003:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_12:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_012:*:solaris:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1124", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/758932", "name" : "VU#758932", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55141-1", "name" : "55141", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7960", "name" : "7960", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9073", "name" : "9073", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12343", "name" : "sunmc-files-writable-permissions(12343)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:management\\+center:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:management\\+center:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:management\\+center:3.0_revenue_release:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1125", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52102-1", "name" : "52102", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/195644", "name" : "VU#195644", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1126", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1", "name" : "56180", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/636964", "name" : "VU#636964", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://secunia.com/advisories/9541", "name" : "9541", "refsource" : "SECUNIA", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1127", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.procheckup.com/security_info/vuln_pr0307.html", "name" : "http://www.procheckup.com/security_info/vuln_pr0307.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/371470", "name" : "VU#371470", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/9431", "name" : "9431", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14869", "name" : "egap-url-information-disclosure(14869)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:whale_communications:e-gap:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1128", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.x2studios.com/index.php?page=kb&id=16", "name" : "http://www.x2studios.com/index.php?page=kb&id=16", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/583020", "name" : "VU#583020", "refsource" : "CERT-VN", "tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7534", "name" : "7534", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8775", "name" : "8775", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12139", "name" : "xmms-remote-command-execution(12139)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x2_studios:xmms_remote:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1129", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://help.yahoo.com/help/us/mesg/use/use-45.html", "name" : "http://help.yahoo.com/help/us/mesg/use/use-45.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/323439", "name" : "20030530 Yahoo! Security Advisory: Yahoo! Voice Chat", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.kb.cert.org/vuls/id/272644", "name" : "VU#272644", "refsource" : "CERT-VN", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.securityfocus.com/bid/7561", "name" : "7561", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8924", "name" : "8924", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12130", "name" : "yahoo-audio-bo(12130)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yahoo:audio_conferencing_activex_control:1.0.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1130", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1131", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348359", "name" : "20031224 Remote Code Execution in Knowledge Builder.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/9292", "name" : "9292", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/10504", "name" : "10504", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3228", "name" : "3228", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=111066494323543&w=2", "name" : "20050312 KnowledgeBase", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14078", "name" : "knowledgebuilder-indexphp-file-include(14078)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1132", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml", "name" : "20041008 Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability", "refsource" : "CISCO", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.kb.cert.org/vuls/id/714121", "name" : "VU#714121", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or \"Name Error\") instead of response code 0 (\"No Error\"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1133", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342485", "name" : "20031025 Some serious security holes in 'The Bat!'", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8891", "name" : "8891", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008004", "name" : "1008004", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13527", "name" : "thebat-access-email(13527)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.029:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.031:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.043:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.032:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.51:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.028:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.039:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.035:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.42f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.011:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.041:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.101:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.015:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.036:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.53d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.037:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1134", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html", "name" : "20031026 Java 1.4.2_02 InsecurityManager JVM crash", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8892", "name" : "8892", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1135", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342472", "name" : "20031026 Buffer Overflow in Yahoo messenger Client", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8894", "name" : "8894", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of \"%\" (percent) characters after the Yahoo ID." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1136", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342475", "name" : "20031026 New Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8895", "name" : "8895", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8896", "name" : "8896", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2718", "name" : "2718", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008006", "name" : "1008006", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10080", "name" : "10080", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13523", "name" : "guestbook-doublequotation-xss(13523)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13522", "name" : "guestbook-html-xss(13522)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:chi_kien_uong:chi_kien_uong_guestbook:1.51:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-23T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1137", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342473", "name" : "20031027 sh-httpd `wildcard character' vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/342766", "name" : "20031028 Re: sh-httpd `wildcard character' vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8897", "name" : "8897", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13519", "name" : "shtttpd-get-information-disclosure(13519)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:charles_steinkuehler:sh-httpd:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:charles_steinkuehler:sh-httpd:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1138", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342578", "name" : "20031027 Root Directory Listing on RH default apache", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8898", "name" : "8898", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:interchange:2.0.40_21.5:*:i386:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1139", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342476", "name" : "20031027 Musicqueue multiple local vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html", "name" : "20031027 Musicqueue multiple local vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8899", "name" : "8899", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10104", "name" : "10104", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008014", "name" : "1008014", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13520", "name" : "musicqueue-tmpfile-symlink(13520)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1140", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342476", "name" : "20031027 Musicqueue multiple local vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html", "name" : "20031027 Musicqueue multiple local vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8903", "name" : "8903", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008014", "name" : "1008014", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10104", "name" : "10104", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13521", "name" : "musicqueue-getconf-bo(13521)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1141", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343318", "name" : "20031104 NIPrint remote exploit", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/343257", "name" : "20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8968", "name" : "8968", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2774", "name" : "2774", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10143", "name" : "10143", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13591", "name" : "niprint-bo(13591)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:network_instruments:niprint_lpd-lpr_print_server:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-04T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1142", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343258", "name" : "20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8969", "name" : "8969", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13592", "name" : "niprint-helpapi-gain-privileges(13592)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:network_instruments:niprint_lpd-lpr_print_server:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1143", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342957", "name" : "20031030 Serious Sam is not so serious", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://aluigi.altervista.org/adv/ssboom-adv.txt", "name" : "http://aluigi.altervista.org/adv/ssboom-adv.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8936", "name" : "8936", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13618", "name" : "serioussam-games-packet-dos(13618)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_second_encounter_demo:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_first_encounter_1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_second_encounter_1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:croteam:serioussam:test_2_2.1_a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-30T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1144", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343322", "name" : "20031104 Liteserve Buffer Overflow in Handling Server's Log.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013231.html", "name" : "20031103 Liteserve Buffer Overflow in Handling Server's Log", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8971", "name" : "8971", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2766", "name" : "2766", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008093", "name" : "1008093", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10136", "name" : "10136", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13599", "name" : "liteserve-log-entry-bo(13599)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:1.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:1.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-04T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1145", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343806", "name" : "20031107 OpenAutoClassifieds XSS attack", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8972", "name" : "8972", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2767", "name" : "2767", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10138", "name" : "10138", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13604", "name" : "openautoclassifieds-friendmail-xss(13604)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:openautoclassifieds:openautoclassifieds:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1146", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://security.nnov.ru/docs5347.html", "name" : "http://security.nnov.ru/docs5347.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8977", "name" : "8977", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:john_beatty:easy_php_photo_album:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-05-11T04:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1147", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1148", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html", "name" : "20031026 Les Visiteurs v2.0.1 code injection vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8902", "name" : "8902", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2717", "name" : "2717", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3586", "name" : "3586", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008011", "name" : "1008011", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/10079", "name" : "10079", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1017065", "name" : "1017065", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13529", "name" : "les-visiteurs-file-include(13529)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:les_visiteurs:les_visiteurs:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-25T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1149", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342548", "name" : "20031027 Norton Internet Security 2003 XSS", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html", "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8904", "name" : "8904", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2714", "name" : "2714", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10067", "name" : "10067", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528", "name" : "norton-is-blocked-xss(13528)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003_6.0.4.34:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1150", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm", "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8907", "name" : "8907", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10100", "name" : "10100", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13564", "name" : "novell-portmapper-bo(13564)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:3.2:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1151", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342678", "name" : "20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8908", "name" : "8908", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2732", "name" : "2732", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008020", "name" : "1008020", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10099", "name" : "10099", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13535", "name" : "fastream-nonexistent-url-xss(13535)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a \"404 Not Found\" error page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:fastream:netfile_ftp_web_server:6.0.3.588:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-10-28T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1152", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012811.html", "name" : "20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8909", "name" : "8909", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2719", "name" : "2719", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008016", "name" : "1008016", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10078", "name" : "10078", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13533", "name" : "webtide-file-disclosure(13533)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded \"?\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infrontech:webtide:7.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1153", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012801.html", "name" : "20031027 Bytehoard File Disclosure VUlnerability Sequel", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8910", "name" : "8910", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2700", "name" : "2700", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10082", "name" : "10082", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13531", "name" : "bytehoard-view-file(13531)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.71:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1154", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=", "name" : "http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8982", "name" : "8982", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2772", "name" : "2772", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10148", "name" : "10148", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13611", "name" : "mailsweeper-zip-virus-bypass(13611)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1155", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.xcdroast.org/xcdr098/changelog-a15.html", "name" : "http://www.xcdroast.org/xcdr098/changelog-a15.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8983", "name" : "8983", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/2786", "name" : "2786", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008094", "name" : "1008094", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10162", "name" : "10162", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13612", "name" : "xcdroast-symlink(13612)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha14:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1156", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343038", "name" : "20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8937", "name" : "8937", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13570", "name" : "sun-jre-java-symlink(13570)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1157", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343040", "name" : "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8939", "name" : "8939", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2762", "name" : "2762", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10127", "name" : "10127", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/27948", "name" : "27948", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782", "name" : "citrix-webmanager-login-xss(40782)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569", "name" : "metaframe-error-message-xss(13569)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:citrix:metaframe:1.0:*:xp:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1158", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0275.html", "name" : "20030917 Denial Of Service in Plug & Play Web (FTP) Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8667", "name" : "8667", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13219", "name" : "plugandplaywebserver-multiple-commands-dos(13219)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plug_and_play_software:plug_and_play_web_server:1.0.002c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1159", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0343.html", "name" : "20031031 DoS in Plug and Play Web Server Proxy Server", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8941", "name" : "8941", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2764", "name" : "2764", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10131", "name" : "10131", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13572", "name" : "plugandplaywebserver-get-dos(13572)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plug_and_play:plug_and_play_web_server_proxy:1.0002c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1160", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt", "name" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8942", "name" : "8942", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2842", "name" : "2842", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008049", "name" : "1008049", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10132", "name" : "10132", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13567", "name" : "flexwatch-slash-admin-access(13567)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seyeon:flexwatch_network_video_server:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seyeon:flexwatch_network_video_server:model_132:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-30T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1161", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html", "name" : "[linux-kernel] 20031105 BK2CVS problem", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0627.html", "name" : "[linux-kernel] 20031105 Re: BK2CVS problem", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0630.html", "name" : "[linux-kernel] 20031105 Re: BK2CVS problem", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8987", "name" : "8987", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1162", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html", "name" : "20031031 Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8944", "name" : "8944", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2770", "name" : "2770", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10135", "name" : "10135", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13587", "name" : "tritanium-threadid-view-messages(13587)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.1_final:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.999_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.0_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.993_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.994_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1163", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343689", "name" : "20031106 DoS for Ganglia", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://ganglia.sourceforge.net/", "name" : "http://ganglia.sourceforge.net/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8988", "name" : "8988", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2787", "name" : "2787", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10166", "name" : "10166", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631", "name" : "ganglia-gmond-dos(13631)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1164", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/013070.html", "name" : "20031031 XSS In mldonkey - But....", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8946", "name" : "8946", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10134", "name" : "10134", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13615", "name" : "mldonkey-xss(13615)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mldonkey:mldonkey:2.5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1165", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343111", "name" : "20031101 BRS WebWeaver 1.06 remote DoS vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8947", "name" : "8947", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13571", "name" : "brswebweaver-useragent-bo(13571)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.60_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.61_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.62_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.51_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.52_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.49_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.50_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.63_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1166", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.http-com.com/Default.asp?section=Features", "name" : "http://www.http-com.com/Default.asp?section=Features", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8948", "name" : "8948", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2780", "name" : "2780", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10125", "name" : "10125", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622", "name" : "http-commander-directory-traversal(13622)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:http_commander:http_commander:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1167", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342736", "name" : "20031028 Local root vuln in kpopup", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8915", "name" : "8915", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/2742", "name" : "2742", "refsource" : "OSVDB", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10105", "name" : "10105", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13540", "name" : "kpopup-systemcall-execute-code(13540)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.5_pre2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1168", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8949", "name" : "8949", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10125", "name" : "10125", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:http_commander:http_commander:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1169", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.html", "name" : "20031101 DATEV Nutzungskontrolle Bypassing (REG)", "refsource" : "FULLDISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8950", "name" : "8950", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13589", "name" : "nutzungskontrolle-registry-security-bypass(13589)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:datev:nutzungskontrolle:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:datev:nutzungskontrolle:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1170", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342736", "name" : "20031028 Local root vuln in kpopup", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8918", "name" : "8918", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3290", "name" : "3290", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10105", "name" : "10105", "refsource" : "SECUNIA", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.5_pre2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1171", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342767", "name" : "20031028 mod_security 1.7RC1 to 1.7.1 vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.modsecurity.org/download/CHANGES", "name" : "http://www.modsecurity.org/download/CHANGES", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8919", "name" : "8919", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1008025", "name" : "1008025", "refsource" : "SECTRACK", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/10085", "name" : "10085", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://adsystems.com.pl/adg-mod_security171.txt", "name" : "http://adsystems.com.pl/adg-mod_security171.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13543", "name" : "mod-security-secfilterout-bo(13543)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1172", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html", "name" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html", "refsource" : "MISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8883", "name" : "8883", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2749", "name" : "2749", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007993", "name" : "1007993", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10064", "name" : "10064", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949", "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13499", "name" : "apachecocoon-directory-traversal-bootini(13499)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1173", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342765", "name" : "20031028 FirstClass 7.1 HTTP Server: Remote Directory Listing", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/342909", "name" : "20031030 Re: FirstClass 7.1 HTTP Server: Remote Directory Listing", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8920", "name" : "8920", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/2723", "name" : "2723", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10084", "name" : "10084", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13546", "name" : "firstclass-view-unauthorized-files(13546)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:centrinity:centrinity_firstclass:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1174", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343177", "name" : "20031102 ShoutCast server 1.9.2/win32", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8954", "name" : "8954", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2776", "name" : "2776", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008080", "name" : "1008080", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10146", "name" : "10146", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13586", "name" : "shoutcast-long-icy-dos(13586)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1175", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493", "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8956", "name" : "8956", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2790", "name" : "2790", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10165", "name" : "10165", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13630", "name" : "sympoll-indexphp-xss(13630)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synthetic_reality:sympoll:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1176", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343175", "name" : "20031102 Unauthorized access in Web Wiz Forum", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/343314", "name" : "20031104 Re: Unauthorized access in Web Wiz Forum", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8957", "name" : "8957", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2768", "name" : "2768", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008100", "name" : "1008100", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10137", "name" : "10137", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13581", "name" : "webwizforums-quotemode-message-access(13581)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:6.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1177", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html", "name" : "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html", "name" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8861", "name" : "8861", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8889", "name" : "8889", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2688", "name" : "2688", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10038", "name" : "10038", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html", "name" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468", "name" : "mercur-auth-command-dos(13468)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.1_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1178", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342493", "name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8890", "name" : "8890", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2743", "name" : "2743", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10068", "name" : "10068", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://attrition.org/pipermail/vim/2006-October/001080.html", "name" : "Advanced Poll v2.02 :) <= Remote File Inclusion", "refsource" : "VIM", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29396", "name" : "advanced-poll-comments-file-include(29396)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13513", "name" : "advancedpoll-php-injection(13513)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/448007/100/0/threaded", "name" : "20061008 Advanced Poll v2.02 :) <= Remote File Inclusion", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1179", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342493", "name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt", "name" : "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8890", "name" : "8890", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3291", "name" : "3291", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10068", "name" : "10068", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.solpotcrew.org/adv/solpot-adv-02.txt", "name" : "http://www.solpotcrew.org/adv/solpot-adv-02.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/19105", "name" : "19105", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/28988", "name" : "28988", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514", "name" : "advancedpoll-php-file-include(13514)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/440780/100/0/threaded", "name" : "20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1180", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342493", "name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8890", "name" : "8890", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3291", "name" : "3291", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10068", "name" : "10068", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514", "name" : "advancedpoll-php-file-include(13514)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1181", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342493", "name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html", "name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8890", "name" : "8890", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3292", "name" : "3292", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10068", "name" : "10068", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13515", "name" : "advancedpoll-phpinfo-obtain-information(13515)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-25T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1182", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8958", "name" : "8958", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2754", "name" : "2754", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10122", "name" : "10122", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13575", "name" : "mpmguestbook-ing-xss(13575)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpm:mpm_guestbook:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1183", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf", "name" : "http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8923", "name" : "8923", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2727", "name" : "2727", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10088", "name" : "10088", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13545", "name" : "oraclecollaborationsuite-file-access(13545)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-28T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1184", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=195009", "name" : "http://sourceforge.net/project/shownotes.php?release_id=195009", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8959", "name" : "8959", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/3077", "name" : "3077", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4825", "name" : "4825", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4826", "name" : "4826", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4827", "name" : "4827", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4828", "name" : "4828", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4829", "name" : "4829", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10120", "name" : "10120", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13582", "name" : "thwboard-multiple-fields-xss(13582)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other \"Diverse XSS Bugs.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1185", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=195009", "name" : "http://sourceforge.net/project/shownotes.php?release_id=195009", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8961", "name" : "8961", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/2758", "name" : "2758", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4838", "name" : "4838", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4840", "name" : "4840", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4841", "name" : "4841", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10120", "name" : "10120", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13583", "name" : "thwboard-multiple-sql-injection(13583)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1186", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342785", "name" : "20031029 TelCondex SimpleWebserver Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8925", "name" : "8925", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/10101", "name" : "10101", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13549", "name" : "simplewebserver-referer-bo(13549)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:telcondex:simplewebserver:2.12.30210_build3285:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1187", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013139.html", "name" : "20031102 [bWM#017] Cross-Site-Scripting @ PHPKIT", "refsource" : "FULLDISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://badwebmasters.net/advisory/017/", "name" : "http://badwebmasters.net/advisory/017/", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8960", "name" : "8960", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13590", "name" : "phpkit-include-xss(13590)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpkit:phpkit:1.6.02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpkit:phpkit:1.6.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1188", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343182", "name" : "20031102 Unichat Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8962", "name" : "8962", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2844", "name" : "2844", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10163", "name" : "10163", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13610", "name" : "unichat-nonalphanumeric-character-dos(13610)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unichat:unichat:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-02T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1189", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8928", "name" : "8928", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/2724", "name" : "2724", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007992", "name" : "1007992", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10083", "name" : "10083", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13539", "name" : "nokia-ipso-ipcluster-dos(13539)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nokia:ipso:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1190", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=193940", "name" : "http://sourceforge.net/project/shownotes.php?release_id=193940", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8963", "name" : "8963", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/2755", "name" : "2755", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10109", "name" : "10109", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13574", "name" : "phprecipebook-recipe-xss(13574)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.26a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.05:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.27a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.30a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1191", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html", "name" : "20031029 E107 DoS vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21", "name" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8930", "name" : "8930", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/2753", "name" : "2753", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10115", "name" : "10115", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553", "name" : "e107chatboxdos(13553)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1192", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.derkeiler.com/Mailing-Lists/VulnWatch/2003-11/0001.html", "name" : "20031103 IA WebMail Server 3.x Buffer Overflow Vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.elitehaven.net/iawebmail.txt", "name" : "http://www.elitehaven.net/iawebmail.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securiteam.com/windowsntfocus/6B002158UQ.html", "name" : "http://www.securiteam.com/windowsntfocus/6B002158UQ.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8965", "name" : "8965", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2757", "name" : "2757", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008075", "name" : "1008075", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10107", "name" : "10107", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13580", "name" : "iawebmailserver-get-bo(13580)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truenorth_software:ia_webmail_server:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truenorth_software:ia_webmail_server:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1193", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/343520", "name" : "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf", "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8966", "name" : "8966", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593", "name" : "oracle-portal-sql-injection(13593)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1194", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=193878", "name" : "http://sourceforge.net/project/shownotes.php?release_id=193878", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8932", "name" : "8932", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1008056", "name" : "1008056", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10110", "name" : "10110", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13557", "name" : "booby-error-message-xss(13557)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:booby:booby:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-30T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1195", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014065.html", "name" : "20031123 VieNuke VieBoard SQL Injection Vulnerability... again", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/4606", "name" : "4606", "refsource" : "OSVDB", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13819", "name" : "vieboard-getmember-sql-injection(13819)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6_beta_1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-23T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1196", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1", "name" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8967", "name" : "8967", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/2789", "name" : "2789", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629", "name" : "vieboard-viewtopic-sql-injection(13629)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6_beta_1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1197", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342913", "name" : "20031030 Multiple Vulnerabilities in Led-Forums", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8934", "name" : "8934", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10113", "name" : "10113", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13563", "name" : "ledforums-topicfield-redirect(13563)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13562", "name" : "ledforums-indexphp-xss(13562)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:ledscripts.com:ledforums:beta_1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-10-30T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1198", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog", "name" : "http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9345", "name" : "9345", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/3306", "name" : "3306", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10518", "name" : "10518", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14119", "name" : "cherokee-post-request-dos(14119)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-26T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1199", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt", "name" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9846", "name" : "9846", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4202", "name" : "4202", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/11090", "name" : "11090", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107902444305344&w=2", "name" : "20030311 XSS in MyProxy 20030629", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15438", "name" : "myproxy-xss(15438)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myproxy:myproxy:2003-06-29:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-03-11T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1200", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348454", "name" : "20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://hat-squad.com/bugreport/mdaemon-raw.txt", "name" : "http://hat-squad.com/bugreport/mdaemon-raw.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9317", "name" : "9317", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3255", "name" : "3255", "refsource" : "OSVDB", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10512", "name" : "10512", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107936753929354&w=2", "name" : "20040314 Rosiello Security's exploit for MDaemon", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14097", "name" : "mdaemon-form2raw-from-bo(14097)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1201", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openldap.org/its/index.cgi?findid=2390", "name" : "http://www.openldap.org/its/index.cgi?findid=2390", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685", "name" : "CLSA-2003:685", "refsource" : "CONECTIVA", "tags" : [ "Patch" ] }, { "url" : "http://security.gentoo.org/glsa/glsa-200403-12.xml", "name" : "GLSA-200403-12", "refsource" : "GENTOO", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7656", "name" : "7656", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9203", "name" : "9203", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/11261", "name" : "11261", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/17000", "name" : "17000", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520", "name" : "openldap-back-ldbm-dos(12520)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-20T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1202", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8451", "name" : "8451", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/9585", "name" : "9585", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106132514828641&w=2", "name" : "20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=106149679129042&w=2", "name" : "20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12948", "name" : "omailwebmail-checklogin-code-execution(12948)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omail:omail_webmail:0.97.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omail:omail_webmail:0.98.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-19T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1203", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7135", "name" : "7135", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html", "name" : "20030318 Some XSS vulns", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601", "name" : "mambo-option-index-xss(11601)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-03-18T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1204", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/306206", "name" : "20030110 Mambo Site Server Remote Code Execution", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6571", "name" : "6571", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7495", "name" : "7495", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7496", "name" : "7496", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7497", "name" : "7497", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7498", "name" : "7498", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7499", "name" : "7499", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7500", "name" : "7500", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7501", "name" : "7501", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7502", "name" : "7502", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7503", "name" : "7503", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7504", "name" : "7504", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7505", "name" : "7505", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11050", "name" : "mambo-multiple-scripts-xss(11050)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1205", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.crob.net/studio/ftpserver/", "name" : "http://www.crob.net/studio/ftpserver/", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2378", "name" : "2378", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9467", "name" : "9467", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2", "name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12838", "name" : "crob-rename-file-dos(12838)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the \"con\" MS-DOS device name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:2.60.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-08-06T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1206", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0087.html", "name" : "20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.crob.net/studio/ftpserver/", "name" : "http://www.crob.net/studio/ftpserver/", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8929", "name" : "8929", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2", "name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12834", "name" : "crob-login-dos(12834)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via \"%s\" or \"%n\" sequences in (1) the username during login, or other FTP commands such as (2) dir." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:2.60.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-06-03T04:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1207", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/352329", "name" : "20040201 Vulnerabilities in Crob FTP Server V3.5.1", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/9549", "name" : "9549", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securitytracker.com/id?1008908", "name" : "1008908", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10778", "name" : "10778", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15105", "name" : "crob-dir-dos(15105)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of \".\" characters followed by a \"/*\" string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:3.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-01T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1208", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html", "name" : "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.nextgenss.com/advisories/ora_from_tz.txt", "name" : "http://www.nextgenss.com/advisories/ora_from_tz.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt", "name" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt", "name" : "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt", "refsource" : "MISC", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.nextgenss.com/advisories/ora_time_zone.txt", "name" : "http://www.nextgenss.com/advisories/ora_time_zone.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.kb.cert.org/vuls/id/240174", "name" : "VU#240174", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/399806", "name" : "VU#399806", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/819126", "name" : "VU#819126", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.kb.cert.org/vuls/id/846582", "name" : "VU#846582", "refsource" : "CERT-VN", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/o-093.shtml", "name" : "O-093", "refsource" : "CIAC", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9587", "name" : "9587", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3837", "name" : "3837", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3838", "name" : "3838", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3839", "name" : "3839", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3840", "name" : "3840", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/10805", "name" : "10805", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060", "name" : "oracle-multiple-function-bo(15060)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2004-12-03T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1209", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://monkeyd.sourceforge.net/Changelog.txt", "name" : "http://monkeyd.sourceforge.net/Changelog.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7201", "name" : "7201", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11650", "name" : "monkey-content-type-dos(11650)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.6.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2020-03-26T14:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1210", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html", "name" : "20030513 More and More SQL injection on PHP-Nuke 6.5.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7588", "name" : "7588", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984", "name" : "phpnuke-multiple-sql-injection(11984)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1211", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html", "name" : "20030606 Critical Vulnerabilities In Max Web Portal", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7837", "name" : "7837", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/3281", "name" : "3281", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8979", "name" : "8979", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12277", "name" : "maxwebportal-search-xss(12277)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1212", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html", "name" : "20030606 Critical Vulnerabilities In Max Web Portal", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7837", "name" : "7837", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/4933", "name" : "4933", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8979", "name" : "8979", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12278", "name" : "maxwebportal-form-field-modify(12278)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1213", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html", "name" : "20030606 Critical Vulnerabilities In Max Web Portal", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7837", "name" : "7837", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/8979", "name" : "8979", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12279", "name" : "maxwebportal-database-access(12279)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1214", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ezcontents.org/forum/viewtopic.php?t=361", "name" : "http://www.ezcontents.org/forum/viewtopic.php?t=361", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10839", "name" : "10839", "refsource" : "SECUNIA", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15136", "name" : "ezcontents-login-bypass(15136)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.45b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2004-02-11T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1215", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943", "name" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9314", "name" : "9314", "refsource" : "BID", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107273069130885&w=2", "name" : "20031229 SQL Injection in phpBB's groupcp.php", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096", "name" : "phpbb-groupcp-sql-injection(14096)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-29T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1216", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818", "name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818", "refsource" : "CONFIRM", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9122", "name" : "9122", "refsource" : "BID", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=106997132425576&w=2", "name" : "20031127 phpBB 2.06 search.php SQL injection", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107005608726609&w=2", "name" : "20031128 [Hat-Squad] phpBB search_id injection exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=107196735102970&w=2", "name" : "20031220 phpBB v2.06 search_id sql injection exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867", "name" : "phpbb-searchphp-sql-injection(13867)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-11-27T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1217", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1218", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-11T14:29Z", "lastModifiedDate" : "2017-05-11T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1219", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/347831", "name" : "20031217 osCommerce Malformed Session ID XSS Vuln", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.oscommerce.com/community/bugs,1546", "name" : "http://www.oscommerce.com/community/bugs,1546", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9238", "name" : "9238", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html", "name" : "[tep-commits] 20031217 [TEP-COMMIT] CVS: catalog/catalog/includes/functions html_output.php,1.58,1.59", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oscommerce:oscommerce:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2_ms2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2012-12-13T02:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1220", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9034", "name" : "9034", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/25", "name" : "BEA03-39.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1221", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9034", "name" : "9034", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/32", "name" : "BEA03-40.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1222", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9034", "name" : "9034", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/63", "name" : "BEA03-41.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1223", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9034", "name" : "9034", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/48", "name" : "BEA03-42.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1224", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7563", "name" : "7563", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/22", "name" : "BEA03-30.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing (\"shoulder surfing\") the screen." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1225", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7563", "name" : "7563", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/22", "name" : "BEA03-30.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1226", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7563", "name" : "7563", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7587", "name" : "7587", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://dev2dev.bea.com/pub/advisory/22", "name" : "BEA03-30.00", "refsource" : "BEA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-10T19:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1227", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341044", "name" : "20031011 Gallery 1.4 including file vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/341098", "name" : "20031012 Re: Gallery 1.4 including file vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8814", "name" : "8814", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/341094", "name" : "20031011 RE: Gallery 1.4 including file vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13419", "name" : "gallery-indexphp-file-include(13419)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1228", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html", "name" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html", "refsource" : "MISC", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9871", "name" : "9871", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://secunia.com/advisories/10385/", "name" : "10385", "refsource" : "SECUNIA", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107064887507504&w=2", "name" : "20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://marc.info/?l=bugtraq&m=107090601705839&w=2", "name" : "20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd", "refsource" : "BUGTRAQ", "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15474", "name" : "mathopd-preparereply-bo(15474)", "refsource" : "XF", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.2", "versionEndExcluding" : "1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:1.5:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:1.5:beta13:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2021-06-01T14:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1229", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html", "name" : "20030128 Incorrect Certificate Validation in Java Secure Socket Extension", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://java.sun.com/products/jsse/CHANGES.txt", "name" : "http://java.sun.com/products/jsse/CHANGES.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239", "name" : "HPSBUX0301-239", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1", "name" : "50081", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6682", "name" : "6682", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7943", "name" : "7943", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id?1006001", "name" : "1006001", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006007", "name" : "1006007", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007483", "name" : "1007483", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11182", "name" : "sun-java-improper-validation(11182)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883", "name" : "oval:org.mitre.oval:def:5883", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1_01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3_02:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update1:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1a:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3_05:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1_02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1230", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/advisories/5013", "name" : "FreeBSD-SA-03:03", "refsource" : "FREEBSD", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6920", "name" : "6920", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8142/", "name" : "8142", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/19785", "name" : "19785", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11397", "name" : "freebsd-syncookie-brute-force(11397)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1231", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/unixfocus/6D00F2A95C.html", "name" : "http://www.securiteam.com/unixfocus/6D00F2A95C.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9244", "name" : "9244", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008522", "name" : "1008522", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10458", "name" : "10458", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14032", "name" : "ecwshop-cat-xss(14032)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecw-shop:ecw-shop:5.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ecw-shop:ecw-shop:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1232", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html", "name" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f", "name" : "http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/17496", "name" : "17496", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:208", "name" : "MDKSA-2005:208", "refsource" : "MANDRIVA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/15375", "name" : "15375", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2011-03-08T02:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1233", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html", "name" : "20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.phrack.org/show.php?p=59&a=16", "name" : "http://www.phrack.org/show.php?p=59&a=16", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html", "name" : "20030103 Pedestal Software Security Notice", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6511", "name" : "6511", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7816", "name" : "7816", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10979", "name" : "ipd-ntcreatesymboliclinkobject-subs-symlink(10979)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \\Device\\PhysicalMemory or (2) to a drive letter using the subst command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1234", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html", "name" : "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html", "name" : "20030106 PDS: Integer overflow in FreeBSD kernel", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc", "name" : "FreeBSD-SA-02:44", "refsource" : "FREEBSD", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.pine.nl/press/pine-cert-20030101.txt", "name" : "http://www.pine.nl/press/pine-cert-20030101.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/10993.php", "name" : "freebsd-kernel-integer-overflow(10993)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6524", "name" : "6524", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securitytracker.com/id?1005898", "name" : "1005898", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7821", "name" : "7821", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/305308/30/26420/threaded", "name" : "20030106 PDS: Integer overflow in FreeBSD kernel", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:current:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:release_p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:release_p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:stable:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1235", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0014.html", "name" : "20030331 BRS WebWeaver: full disclosure", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11686.php", "name" : "webweaver-testcgi-info-disclosure(11686)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7283", "name" : "7283", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1236", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305663", "name" : "20030108 Tanne Remote format string exploit (Proof of Concept)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html", "name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/305460", "name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", "name" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6553", "name" : "6553", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11006.php", "name" : "tanne-logger-format-string(11006)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005900", "name" : "1005900", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7831", "name" : "7831", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tanne:tanne:0.6.17:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1237", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html", "name" : "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11383.php", "name" : "wwwboard-message-xss(11383)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6918", "name" : "6918", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:matt_wright:wwwboard:2.0a2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:matt_wright:wwwboard:2.0a2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1238", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html", "name" : "20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html", "name" : "20030318 Some XSS vulns", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6916", "name" : "6916", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11420.php", "name" : "nuked-klan-team-xss(11420)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1239", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html", "name" : "20030223 WihPhoto (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/312966", "name" : "20030223 WihPhoto (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6929", "name" : "6929", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11429.php", "name" : "wihphoto-sendphoto-file-disclosure(11429)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wihphoto:wihphoto:0.86:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1240", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html", "name" : "20030225 PHP code injection in CuteNews", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6935", "name" : "6935", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11417.php", "name" : "cutenews-php-file-include(11417)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cutephp:cutenews:0.88:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1241", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html", "name" : "20030221 Myguestbook (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/312762", "name" : "20030221 Myguestbook (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6906", "name" : "6906", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:levcgi.com:myguestbook:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1242", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html", "name" : "20030219 XSS and Path Disclosure in Sage", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6893", "name" : "6893", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11372.php", "name" : "sage-module-path-disclosure(11372)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sage:sage:1.0_beta_3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1243", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html", "name" : "20030219 XSS and Path Disclosure in Sage", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6894", "name" : "6894", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11371", "name" : "sage-mod-xss(11371)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sage:sage:1.0_beta_3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1244", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html", "name" : "20030220 phpBB Security Bugs", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6888", "name" : "6888", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11376.php", "name" : "phpbb-pageheader-sql-injection(11376)", "refsource" : "XF", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1245", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html", "name" : "20030224 Mambo SiteServer exploit gains administrative privileges", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6926", "name" : "6926", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11398", "name" : "mambo-sessionid-gain-privileges(11398)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1246", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html", "name" : "20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html", "name" : "20030103 Pedestal Software Security Notice", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6511", "name" : "6511", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/10979.php", "name" : "ipd-ntcreatesymboliclinkobject-subs-symlink(10979)", "refsource" : "XF", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \\winnt\\system32\\drivers using the subst command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1247", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305313", "name" : "20030106 Remote root vuln in HSphere WebShell", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url" : "http://psoft.net/misc/webshell_patch.html", "name" : "http://psoft.net/misc/webshell_patch.html", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/10999.php", "name" : "hsphere-webshell-readfile-bo(10999)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11002.php", "name" : "hsphere-webshell-diskusage-bo(11002)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11003.php", "name" : "hsphere-webshell-flist-bo(11003)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6537", "name" : "6537", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6538", "name" : "6538", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6540", "name" : "6540", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6527", "name" : "6527", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005893", "name" : "1005893", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7832", "name" : "7832", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:positive_software:h-sphere:2.3_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1248", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305313", "name" : "20030106 Remote root vuln in HSphere WebShell", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://psoft.net/misc/webshell_patch.html", "name" : "http://psoft.net/misc/webshell_patch.html", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6537", "name" : "6537", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6539", "name" : "6539", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11001.php", "name" : "hsphere-webshell-encodefilename-execution(11001)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.securitytracker.com/id?1005893", "name" : "1005893", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:positive_software:h-sphere:2.3_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1249", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html", "name" : "20030109 WebIntelligence session hijacking vulnerability", "refsource" : "VULNWATCH", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/305991", "name" : "20030109 WebIntelligence session hijacking vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11026.php", "name" : "webintelligence-session-hijacking(11026)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6569", "name" : "6569", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securitytracker.com/id?1005906", "name" : "1005906", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7846", "name" : "7846", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1250", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0015.html", "name" : "20030110 Efficient Networks 5861 DSL Router", "refsource" : "VULNWATCH", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/308008", "name" : "20030123 5861 IP Filtering issues", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/306081", "name" : "20030110 Efficient Networks 5861 DSL Router", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11032.php", "name" : "efficient-dsl-portscan-dos(11032)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6573", "name" : "6573", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005910", "name" : "1005910", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1005980", "name" : "1005980", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:efficient_networks:5861_dsl_router:5.3.80_firmware:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1251", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html", "name" : "20030102 N/X (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/10969.php", "name" : "nx-file-include(10969)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6500", "name" : "6500", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/7808", "name" : "7808", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nx:n_x_web_content_management_system_2002:prerelease1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1252", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0004.html", "name" : "20030105 A security vulnerability in S8Forum", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/305406", "name" : "20030105 A security vulnerability in S8Forum", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10974.php", "name" : "s8forum-register-command-execution(10974)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6547", "name" : "6547", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1005881", "name" : "1005881", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7819", "name" : "7819", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a \"system($cmd)\" E-mail address with a \"any_name.php\" username." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kelli_shaver:s8forum:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1253", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html", "name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11009.php", "name" : "bookmark4u-file-include(11009)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sangwan_kim:bookmark4u:1.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1254", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html", "name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6545", "name" : "6545", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11010.php", "name" : "apb-apbsettings-file-include(11010)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:active_php_bookmarks:active_php_bookmarks:1.1.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1255", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html", "name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6546", "name" : "6546", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11011", "name" : "apb-addbookmark-authentication-bypass(11011)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:active_php_bookmarks:active_php_bookmarks:1.1.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1256", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html", "name" : "20030106 E-theni (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/305381", "name" : "20030106 E-theni (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6970", "name" : "6970", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11013.php", "name" : "etheni-afflistelangue-file-include(11013)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:e-theni:e-theni:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1257", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html", "name" : "20030106 E-theni (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/305381", "name" : "20030106 E-theni (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11012.php", "name" : "etheni-findthenihome-information-disclosure(11012)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:e-theni:e-theni:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1258", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0017.html", "name" : "20030110 vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges.", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11044.php", "name" : "vbb-unauthorized-privileges(11044)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:0.9.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:0.9.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1259", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0026.html", "name" : "20030104 CuteFTP: buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/325659", "name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/10984.php", "name" : "cuteftp-ftp-banner-bo(10984)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6518", "name" : "6518", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1260", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0123.html", "name" : "20030118 CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/325659", "name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11093.php", "name" : "cuteftp-list-command-bo(11093)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6642", "name" : "6642", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html", "name" : "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://seclists.org/lists/fulldisclosure/2003/Jan/0126.html", "name" : "20030107 CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2181", "name" : "2181", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7898", "name" : "7898", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1261", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/310710", "name" : "20030206 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6786", "name" : "6786", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11275.php", "name" : "cuteftp-url-clipboard-bo(11275)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html", "name" : "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/325659", "name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1262", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305340", "name" : "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/11000.php", "name" : "http-fetcher-httpfetch-bo(11000)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6531", "name" : "6531", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.linuxsecurity.com/content/view/104480/104/", "name" : "GLSA-200301-6", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7823", "name" : "7823", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104195613529429&w=2", "name" : "20030107 GLSA: http-fetcher", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:http_fetcher:http_fetcher_library:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:http_fetcher:http_fetcher_library:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2016-10-18T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1263", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html", "name" : "20030103 ical 3.7 remote dos", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10973.php", "name" : "ical-icalexe-port-dos(10973)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6506", "name" : "6506", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6505", "name" : "6505", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brown_bear_software:ical:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1264", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305391", "name" : "20030106 Re: Longshine WLAN Access-Point LCS-883R VU#310201", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/305344", "name" : "20030106 Longshine WLAN Access-Point LCS-883R VU#310201", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/10997.php", "name" : "longshine-ap-tftp-access(10997)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6533", "name" : "6533", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005897", "name" : "1005897", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:d-link:di-614\\+:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:longshine_technologie:longshine_wireless_ethernet_access_point:lcs-883r-ac-b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1265", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", "name" : "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10963.php", "name" : "netscape-email-deletion-failure(10963)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6499", "name" : "6499", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005871", "name" : "1005871", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1266", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0022.html", "name" : "20030104 EServ/2.97 remote DoS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.iss.net/security_center/static/10975.php", "name" : "eserv-remote-data-dos(10975)", "refsource" : "XF", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6519", "name" : "6519", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6520", "name" : "6520", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6521", "name" : "6521", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6522", "name" : "6522", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.93:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.94:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.95:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.96:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.97:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.92:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:etype:eserv:2.98:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1267", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html", "name" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/10964.php", "name" : "guildftpd-aux-port-dos(10964)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005864", "name" : "1005864", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:steve_poulsen:guildftpd:0.999:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1268", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305685", "name" : "20030108 a.shopKart Shopping Cart remote vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.centaura.com.ar/infosec/adv/ashopkart.txt", "name" : "http://www.centaura.com.ar/infosec/adv/ashopkart.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11029.php", "name" : "ashopkart-multiple-sql-injection(11029)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6558", "name" : "6558", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/37036", "name" : "37036", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/37037", "name" : "37037", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/37038", "name" : "37038", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005903", "name" : "1005903", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7838", "name" : "7838", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:urlogy:a.shop.kart:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1269", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305234", "name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10976.php", "name" : "an-http-path-disclosure(10976)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6528", "name" : "6528", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1270", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305234", "name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10978.php", "name" : "an-http-script-dos(10978)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1271", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305234", "name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10977.php", "name" : "an-http-script-xss(10977)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6529", "name" : "6529", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1272", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html", "name" : "20030104 WinAmp v.3.0: buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10980.php", "name" : "winamp-b4s-playlistname-bo(10980)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6515", "name" : "6515", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6516", "name" : "6516", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981", "name" : "winamp-b4s-path-bo(10981)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1273", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html", "name" : "20030104 WinAmp v.3.0: buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6517", "name" : "6517", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982", "name" : "winamp-b4s-playlistname-dos(10982)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1274", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html", "name" : "20030104 WinAmp v.3.0: buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983", "name" : "winamp-b4s-path-dos(10983)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1275", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html", "name" : "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6507", "name" : "6507", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/11004.php", "name" : "pie-javascript-objectinnerhtml-dos(11004)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1276", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.html", "name" : "20030103 Multiple Issues in Nettelephone Dialer", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11007.php", "name" : "nettelephone-insecure-account-information(11007)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\\Software\\MediaRing.com\\SDK\\NetTelephone\\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nettelephone:nettelephone:3.5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1277", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/unixfocus/5BP061F8US.html", "name" : "http://www.securiteam.com/unixfocus/5BP061F8US.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securiteam.com/unixfocus/5BP051F8VE.html", "name" : "http://www.securiteam.com/unixfocus/5BP051F8VE.html", "refsource" : "MISC", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10990.php", "name" : "yabb-se-index-xss(10990)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/10989.php", "name" : "yabb-newstemplate-xss(10989)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yabb:yabb:1.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1278", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305232", "name" : "20030104 OpenTopic security hole", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/10985.php", "name" : "opentopic-img-xss(10985)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6523", "name" : "6523", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infopop:opentopic:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1279", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305342", "name" : "20030105 S-plus /tmp usage", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11005.php", "name" : "splus-tmp-file-symlink(11005)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6530", "name" : "6530", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005896", "name" : "1005896", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7833", "name" : "7833", "refsource" : "SECUNIA", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:insightful:s-plus:6.0:*:unix:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1280", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305469", "name" : "20030107 Multiple cgihtml vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6550", "name" : "6550", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11022.php", "name" : "cgihtml-dotdot-directory-traversal(11022)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eekim:cgihtml:1.69:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1281", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/305469", "name" : "20030107 Multiple cgihtml vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6552", "name" : "6552", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11023.php", "name" : "cgihtml-tmpfile-symlink(11023)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eekim:cgihtml:1.69:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1282", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/securitynews/5CP061F8VS.html", "name" : "http://www.securiteam.com/securitynews/5CP061F8VS.html", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.iss.net/security_center/static/11016.php", "name" : "ibm-netdata-view-variables(11016)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005890", "name" : "1005890", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:ibm:net.data:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1283", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0056.html", "name" : "20030107 KaZaA - Bad Zone", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6543", "name" : "6543", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11031.php", "name" : "kazaa-ad-local-zone(11031)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1284", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true", "name" : "20030925 Sambar Server Multiple Vulnerabilities", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.sambar.com/security.htm", "name" : "http://www.sambar.com/security.htm", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1007819", "name" : "1007819", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9578", "name" : "9578", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305", "name" : "sambar-multiple-vulnerabilities(13305)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1285", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true", "name" : "20030925 Sambar Server Multiple Vulnerabilities", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.sambar.com/security.htm", "name" : "http://www.sambar.com/security.htm", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/5782", "name" : "5782", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/5783", "name" : "5783", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/5784", "name" : "5784", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/5785", "name" : "5785", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/5805", "name" : "5805", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securitytracker.com/id?1007819", "name" : "1007819", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9578", "name" : "9578", "refsource" : "SECUNIA", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16056", "name" : "sambar-multiple-xss(16056)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305", "name" : "sambar-multiple-vulnerabilities(13305)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1286", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html", "name" : "20040430 SECURITY.NNOV: Sambar security quest", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true", "name" : "20030925 Sambar Server Multiple Vulnerabilities", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.sambar.com/security.htm", "name" : "http://www.sambar.com/security.htm", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/10256", "name" : "10256", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securitytracker.com/id?1007819", "name" : "1007819", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9578", "name" : "9578", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16054", "name" : "sambar-http-gain-access(16054)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a \"Connection: keep-alive\" request before the proxy requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1287", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true", "name" : "20030925 Sambar Server Multiple Vulnerabilities", "refsource" : "IDEFENSE", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html", "name" : "20040430 SECURITY.NNOV: Sambar security quest", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.sambar.com/security.htm", "name" : "http://www.sambar.com/security.htm", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/5781", "name" : "5781", "refsource" : "OSVDB", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1007819", "name" : "1007819", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/9578", "name" : "9578", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16059", "name" : "sambar-post-code-execution(16059)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1288", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://list.linux-vserver.org/archive/vserver/msg05630.html", "name" : "[Vserver] 20031218 SMP oops 2.4.23 v1.22", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://list.linux-vserver.org/archive/vserver/msg05631.html", "name" : "[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "http://list.linux-vserver.org/archive/vserver/msg05658.html", "name" : "[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://linux-vserver.org/ChangeLog", "name" : "http://linux-vserver.org/ChangeLog", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7587", "name" : "7587", "refsource" : "OSVDB", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vserver:linux-vserver:1.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1289", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc", "name" : "FreeBSD-SA-03:10", "refsource" : "FREEBSD", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2406", "name" : "2406", "refsource" : "OSVDB", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1007460", "name" : "1007460", "refsource" : "SECTRACK", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9504", "name" : "9504", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892", "name" : "freebsd-ibcs2-kernel-memory(12892)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:release_p1:*:*:*:*:*:*", "versionEndIncluding" : "5.1", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:release_p2:*:*:*:*:*:*", "versionEndIncluding" : "4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-20T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1290", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev2dev.bea.com/pub/advisory/162", "name" : "BEA03-43.00", "refsource" : "BEA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/9034", "name" : "9034", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/16215", "name" : "16215", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3064", "name" : "3064", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10218", "name" : "10218", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/18396", "name" : "18396", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752", "name" : "weblogic-mbeanhome-obtain-information(13752)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-20T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1291", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.vmware.com/download/esx/esx152-patch4.html", "name" : "http://www.vmware.com/download/esx/esx152-patch4.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/21585", "name" : "21585", "refsource" : "OSVDB", "tags" : [ "Patch" ] }, { "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108", "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1292", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/329910", "name" : "20030720 sorry, wrong file", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html", "name" : "20060130 Re: ashnews Cross-Site Scripting Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html", "name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html", "name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0", "name" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/16436", "name" : "16436", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/9331", "name" : "9331", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/18248", "name" : "18248", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/1864", "name" : "1864", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ashwebstudio:ashnews:0.83:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1293", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/326506", "name" : "20030724 GuestBookHost : Cross Site Scripting", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8025", "name" : "8025", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nukedweb:guestbookhost:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1294", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/linux/download/updates/90_i386.html", "name" : "http://www.novell.com/linux/download/updates/90_i386.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://jwz.livejournal.com/310943.html", "name" : "http://jwz.livejournal.com/310943.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968", "name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9125", "name" : "9125", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2006-0498.html", "name" : "RHSA-2006:0498", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20224", "name" : "20224", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20226", "name" : "20226", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20456", "name" : "20456", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc", "name" : "20060602-01-U", "refsource" : "SGI", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/20782", "name" : "20782", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2006/1948", "name" : "ADV-2006-1948", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848", "name" : "oval:org.mitre.oval:def:10848", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_6a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.07_2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.11_0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.12_58:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_150:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_5cl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.08_29135cl:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.12_62:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.09_0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1295", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/linux/download/updates/90_i386.html", "name" : "http://www.novell.com/linux/download/updates/90_i386.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/9125", "name" : "9125", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors \"while verifying the user-password.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1296", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html", "name" : "20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13360", "name" : "easyfilesharing-title-dos(13360)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an \"empty symbol\" in the Title field or (2) certain data in the Your Message field, possibly a long argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-20T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1297", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html", "name" : "20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/23794", "name" : "23794", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/23795", "name" : "23795", "refsource" : "OSVDB", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1298", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.osvdb.org/23984", "name" : "23984", "refsource" : "OSVDB", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/17197", "name" : "17197", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/19359", "name" : "19359", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152", "name" : "http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.vupen.com/english/advisories/2006/1053", "name" : "ADV-2006-1053", "refsource" : "VUPEN", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25396", "name" : "anyportalphp-siteman-directory-traversal(25396)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with \"./..\" (dot slash dot dot)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:anyportal_php:anyportal_php:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-20T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1299", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html", "name" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://packetstormsecurity.org/0305-exploits/baby.txt", "name" : "http://packetstormsecurity.org/0305-exploits/baby.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/24538", "name" : "24538", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7749", "name" : "7749", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via \"...\" (triple dot) manipulations to the CWD command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pablo_software_solutions:baby_ftp_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2016-11-28T19:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1300", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html", "name" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://packetstormsecurity.org/0305-exploits/baby.txt", "name" : "http://packetstormsecurity.org/0305-exploits/baby.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/24539", "name" : "24539", "refsource" : "OSVDB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pablo_software_solutions:baby_ftp_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1301", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719", "name" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300", "name" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.illegalaccess.org/exploit/ObjectStackOverflow.html", "name" : "http://www.illegalaccess.org/exploit/ObjectStackOverflow.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/18058", "name" : "18058", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/434705/100/0/threaded", "name" : "20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1302", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://bugs.php.net/bug.php?id=22048", "name" : "http://bugs.php.net/bug.php?id=22048", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1303", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://bugs.php.net/bug.php?id=24150", "name" : "http://bugs.php.net/bug.php?id=24150", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346", "name" : "oval:org.mitre.oval:def:10346", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1304", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0081.html", "name" : "20030705 [Vulnerability] : ProductCart database file can be downloaded remotely", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf", "name" : "http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8112", "name" : "8112", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9195", "name" : "9195", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9816", "name" : "shopping-cart-database-access(9816)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/438189/100/200/threaded", "name" : "20060622 productcart soltan_defacer", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br001:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1305", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html", "name" : "20030707 Internet Explorer Crash", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/2291", "name" : "2291", "refsource" : "OSVDB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0.2900:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1306", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html", "name" : "[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/29370", "name" : "29370", "refsource" : "OSVDB", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/9194", "name" : "9194", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 \"Bad Request,\" which leak the Server header in the response." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:urlscan:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1307", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348368", "name" : "20031226 Hijacking Apache https by mod_php", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://bugs.php.net/38915", "name" : "http://bugs.php.net/38915", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://hackerdom.ru/~dimmo/phpexpl.c", "name" : "http://hackerdom.ru/~dimmo/phpexpl.c", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/9302", "name" : "9302", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/449298/100/0/threaded", "name" : "20061020 Re: PHP \"exec\", \"system\", \"popen\" (+small POC)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/449234/100/0/threaded", "name" : "20061019 PHP \"exec\", \"system\", \"popen\" problem", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.1, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1308", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.fvwm.org/news/", "name" : "http://www.fvwm.org/news/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9161", "name" : "9161", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fvwm:fvwm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fvwm:fvwm:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1309", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html", "name" : "20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt", "name" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://sec-labs.hack.pl/papers/win32ddc.php", "name" : "http://sec-labs.hack.pl/papers/win32ddc.php", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html", "name" : "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8342", "name" : "8342", "refsource" : "BID", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2375", "name" : "2375", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/4362", "name" : "4362", "refsource" : "OSVDB", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9459", "name" : "9459", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824", "name" : "device-driver-gain-privileges(12824)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka \"Device Driver Attack\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:plus:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:pro:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.202:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1310", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sec-labs.hack.pl/papers/win32ddc.php", "name" : "http://sec-labs.hack.pl/papers/win32ddc.php", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8329", "name" : "8329", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/4362", "name" : "4362", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9460", "name" : "9460", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824", "name" : "device-driver-gain-privileges(12824)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka \"Device Driver Attack\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1311", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html", "name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/30741", "name" : "30741", "refsource" : "OSVDB", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:netegrity:siteminder:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1312", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html", "name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.osvdb.org/30741", "name" : "30741", "refsource" : "OSVDB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:netegrity:siteminder:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1313", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/340244", "name" : "20031004 EMML, EMGB : Include() hole", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8767", "name" : "8767", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007884", "name" : "1007884", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eternalmart:mailing_list_manager:1.32:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1314", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/340244", "name" : "20031004 EMML, EMGB : Include() hole", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8767", "name" : "8767", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securitytracker.com/id?1007885", "name" : "1007885", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/21720", "name" : "21720", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://www.exploit-db.com/exploits/2980", "name" : "2980", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eternalmart:eternalmart_guestbook:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-19T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1315", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.neocrome.net/index.php?m=single&id=76", "name" : "http://www.neocrome.net/index.php?m=single&id=76", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.neocrome.net/page.php?id=1250", "name" : "http://www.neocrome.net/page.php?id=1250", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9168", "name" : "9168", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2943", "name" : "2943", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008416", "name" : "1008416", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10396", "name" : "10396", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13922", "name" : "landdownunder-auth-sql-injection(13922)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:neocrome:land_down_under:701:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1316", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8507", "name" : "8507", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3666", "name" : "3666", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1007592", "name" : "1007592", "refsource" : "SECTRACK", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9622", "name" : "9622", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13042", "name" : "endonesia-mod-path-disclosure(13042)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:endonesia:endonesia:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1317", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8506", "name" : "8506", "refsource" : "BID", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/2480", "name" : "2480", "refsource" : "OSVDB", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1007592", "name" : "1007592", "refsource" : "SECTRACK", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/9622", "name" : "9622", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041", "name" : "endonesia-mod-xss(13041)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:endonesia:endonesia:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1318", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.tripbit.org/advisories/twilight_advisory.txt", "name" : "http://www.tripbit.org/advisories/twilight_advisory.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/22090", "name" : "22090", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://marc.info/?l=bugtraq&m=105820430209748&w=2", "name" : "20030713 TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:twilight_utilities:twilight_webserver:1.3.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2016-10-18T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1319", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0083.html", "name" : "20030608 [SmartFTP] Two Buffer Overflow Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://security.nnov.ru/docs4679.html", "name" : "http://security.nnov.ru/docs4679.html", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7858", "name" : "7858", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7861", "name" : "7861", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securitytracker.com/id?1006956", "name" : "1006956", "refsource" : "SECTRACK", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://secunia.com/advisories/8998", "name" : "8998", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12231", "name" : "smartftp-long-list-bo(12231)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12228", "name" : "smartftp-pwd-directory-bo(12228)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smartftp:smartftp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.973", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1320", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kb.cert.org/vuls/id/AAMN-5L74VD", "name" : "http://www.kb.cert.org/vuls/id/AAMN-5L74VD", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/287771", "name" : "VU#287771", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:sonicwall:firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.4.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1321", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=106150462504484&w=2", "name" : "20030821 Buffer overflow in Avant Browser 8.02", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8471", "name" : "8471", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12974", "name" : "avantbrowser-http-bo(12974)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avant_force:avant_browser:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1322", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324136", "name" : "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol", "refsource" : "BUGTRAQ", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7842", "name" : "7842", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/12203.php", "name" : "mercur-multiple-bo(12203)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1323", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", "name" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elm_development_group:elm:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1324", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", "name" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elmme-mailer:elm_me\\+:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1325", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://aluigi.altervista.org/adv/csdos.txt", "name" : "http://aluigi.altervista.org/adv/csdos.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://packetstormsecurity.org/0304-exploits/hl-headnut.c", "name" : "http://packetstormsecurity.org/0304-exploits/hl-headnut.c", "refsource" : "MISC", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents \"absence of player informations,\" a related issue to CVE-2006-0734." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:valve_software:half-life_cstrike_dedicated_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:M/Au:S/C:N/I:N/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.2 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.4, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1326", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11258.php", "name" : "ie-dialog-zone-bypass(11258)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml", "name" : "N-038", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6779", "name" : "6779", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49", "name" : "oval:org.mitre.oval:def:49", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178", "name" : "oval:org.mitre.oval:def:178", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126", "name" : "oval:org.mitre.oval:def:126", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004", "name" : "MS03-004", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1327", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html", "name" : "20030922 Wu_ftpd all versions (not) vulnerability.", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971", "name" : "SSA:2003-259-03", "refsource" : "SLACKWARE", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8668", "name" : "8668", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2594", "name" : "2594", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007775", "name" : "1007775", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9835", "name" : "9835", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269", "name" : "wuftp-mailadmin-sockprintf-bo(13269)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.6.2", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1328", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.iss.net/security_center/static/11259.php", "name" : "ie-showhelp-zone-bypass(11259)", "refsource" : "XF", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html", "name" : "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.kb.cert.org/vuls/id/400577", "name" : "VU#400577", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] }, { "url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml", "name" : "N-038", "refsource" : "CIAC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6780", "name" : "6780", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57", "name" : "oval:org.mitre.oval:def:57", "refsource" : "OVAL", "tags" : [ ] }, { "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004", "name" : "MS03-004", "refsource" : "MS", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-02-19T05:00Z", "lastModifiedDate" : "2018-10-12T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1329", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch", "name" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/34670", "name" : "34670", "refsource" : "OSVDB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1330", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm", "name" : "http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7226", "name" : "7226", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11745", "name" : "mailsweeper-onstrip-bypass-filter(11745)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom \"on strip unsuccessful\" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift_limited:mailsweeper:4.3.6_sp1:*:smtp:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1331", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html", "name" : "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://bugs.mysql.com/bug.php?id=564", "name" : "http://bugs.mysql.com/bug.php?id=564", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7887", "name" : "7887", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337", "name" : "mysql-mysqlrealconnect-bo(12337)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:gamma:*:*:*:*:*:*", "versionEndIncluding" : "4.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2019-10-07T16:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1332", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html", "name" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html", "name" : "RHSA-2003:096", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749", "name" : "samba-reply-nttrans-bo(12749)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.7a", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1333", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43", "name" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.1.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.1.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2010-06-23T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1334", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.bitfolge.de/snif-en.html", "name" : "http://www.bitfolge.de/snif-en.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2010-06-23T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1335", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.bitfolge.de/snif-en.html", "name" : "http://www.bitfolge.de/snif-en.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2010-06-23T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1336", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html", "name" : "20031015 mIRC Buffer Overflow in irc protocol handler", "refsource" : "NTBUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html", "name" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html", "refsource" : "MISC", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8819", "name" : "8819", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/2665", "name" : "2665", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9996", "name" : "9996", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13405", "name" : "mirc-ircprotocol-execute-code(13405)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirc:mirc:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1337", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html", "name" : "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8062", "name" : "8062", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12466", "name" : "abyss-http-get-bo(12466)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1338", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html", "name" : "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2010-06-23T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1339", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=107090390002654&w=2", "name" : "20031207 eZ Multiple Packages Stack Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://seclists.org/bugtraq/2003/Dec/0195.html", "name" : "20031211 eZ and eZphotoshare fixes", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.governmentsecurity.org/archive/t5390.html", "name" : "http://www.governmentsecurity.org/archive/t5390.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1008412", "name" : "1008412", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "https://www.exploit-db.com/exploits/133", "name" : "133", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1340", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/323425", "name" : "20030530 Php-Nuke:users and admins password hashes vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3185", "name" : "3185", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/480866/100/0/threaded", "name" : "20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1341", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", "name" : "20030114 Assorted Trend Vulns Rev 2.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", "name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6616", "name" : "6616", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/6181", "name" : "6181", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7881", "name" : "7881", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", "name" : "officescan-cgichkmasterpwd-auth-bypass(11059)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1342", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", "name" : "20030114 Assorted Trend Vulns Rev 2.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html", "name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6617", "name" : "6617", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/6185", "name" : "6185", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7881", "name" : "7881", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11060", "name" : "trend-vcs-activesupport-dos(11060)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:virus_control_system:1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2020-11-23T19:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1343", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html", "name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352", "name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6619", "name" : "6619", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/7881", "name" : "7881", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11061", "name" : "scanmail-smgsmxcfg30-password-bypass(11061)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly \"3560121183d3\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:scanmail:*:*:microsoft_exchange:*:*:*:*:*", "versionEndIncluding" : "3.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:scanmail:*:*:microsoft_exchange:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1344", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html", "name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6618", "name" : "6618", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/7881", "name" : "7881", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11063", "name" : "trend-vcs-weak-encryption(11063)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to \"selects1\", which returns log files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trend_micro:virus_control_system:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1345", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6574", "name" : "6574", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104261317218210&w=2", "name" : "20030114 Vulnerability in WebCollection Plus (TM)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11064", "name" : "webcollection-plus-directory-traversal(11064)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\\ via a full pathname in the d parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:follett_software:webcollection_plus:5.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1346", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6609", "name" : "6609", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005926", "name" : "1005926", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104267037431451&w=2", "name" : "20030114 D-Link DWL-900AP+ Security Hole", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104311601319909&w=2", "name" : "20030116 Re: D-Link DWL-900AP+ Security Hole", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11074", "name" : "dlink-airplus-restore-default(11074)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1347", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/306770", "name" : "20030114 Multiple XSS in Geeklog 1.3.7", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.geeklog.net/filemgmt/visit.php?lid=101", "name" : "http://www.geeklog.net/filemgmt/visit.php?lid=101", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6601", "name" : "6601", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6602", "name" : "6602", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6603", "name" : "6603", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3226", "name" : "3226", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6604", "name" : "6604", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075", "name" : "geeklog-php-scripts-xss(11075)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1348", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/308312", "name" : "20030125 ftls.org Guestbook 1.1 Script Injection", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6686", "name" : "6686", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3227", "name" : "3227", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11155", "name" : "guestbook-multiple-field-xss(11155)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ftls:guestbook:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1349", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html", "name" : "20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6648", "name" : "6648", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005923", "name" : "1005923", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7879", "name" : "7879", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11062", "name" : "niteserver-dotdot-directory-traversal(11062)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a \"\\..\" (backslash dot dot) in the CD (CWD) command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thomas_krebs:niteserver_ftpd:1.83:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1350", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/308300", "name" : "20030124 List Site Pro v2 user account Hijacking vulnerablity", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6685", "name" : "6685", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3230", "name" : "3230", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11156", "name" : "listsitepro-account-hijacking(11156)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a \"|\" (pipe), which is used as a field delimiter, into the bannerurl field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:list_site_pro:list_site_pro:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1351", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/308162", "name" : "20030124 Vulnerability in edittag.pl", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6675", "name" : "6675", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3231", "name" : "3231", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11159", "name" : "edittag-dotdot-directory-traversal(11159)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a \"%2F..\" (encoded slash dot dot) in the file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:greg_billock:edittag:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1352", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0179.html", "name" : "20030115 Gabber 0.8.7 leaks presence information without user authorization", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6624", "name" : "6624", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11115", "name" : "gabber-information-leak(11115)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gabber:gabber:0.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1353", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0119.html", "name" : "20030116 Outreach Project Tool", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6631", "name" : "6631", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11096", "name" : "opt-news-post-xss(11096)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lanifex:outreach_project_tool:0.946b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1354", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/lists/bugtraq/2003/Jan/0178.html", "name" : "20030122 PivX Multi-Vendor Game Server dDoS Advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.pivx.com/kristovich/adv/mk001/", "name" : "http://www.pivx.com/kristovich/adv/mk001/", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html", "name" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6636", "name" : "6636", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11084", "name" : "battlefield-udp-query-dos(11084)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gamespy3d:gamespy_3d:2.62:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1355", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html", "name" : "20030226 [VSA0307] Battlefield 1942 remote DoS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6967", "name" : "6967", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11426", "name" : "battlefield-remoteconsole-username-dos(11426)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:electronic_arts:battlefield_1942:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:electronic_arts:battlefield_1942:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6640", "name" : "6640", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html", "name" : "SSRT3454", "refsource" : "HP", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107", "name" : "hpux-sort-file-handling(11107)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758", "name" : "oval:org.mitre.oval:def:5758", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1357", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/308733", "name" : "20030128 ProxyView default undocumented password", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6708", "name" : "6708", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3228", "name" : "3228", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11185", "name" : "proxyview-administrator-default-password(11185)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:replicom:proxyview:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1358", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324381", "name" : "20030710 [LSD] HP-UX security vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/4960", "name" : "HPSBUX0302-240", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6837", "name" : "6837", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3236", "name" : "3236", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11312", "name" : "hp-rsf3000-daemon-access(11312)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1359", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324381", "name" : "20030610 [LSD] HP-UX security vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/4959", "name" : "HPSBUX0302-241", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6836", "name" : "6836", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3236", "name" : "3236", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11313", "name" : "hp-stmkfont-bo(11313)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587", "name" : "oval:org.mitre.oval:def:5587", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1360", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/324381", "name" : "20030610 [LSD] HP-UX security vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/advisories/4957", "name" : "HPSBUX0302-243", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6834", "name" : "6834", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3236", "name" : "3236", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11314", "name" : "hp-landiag-lanadmin-bo(11314)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1361", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html", "name" : "20030225 VERITAS Software Technical Advisory (fwd)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://seer.support.veritas.com/docs/254442.htm", "name" : "http://seer.support.veritas.com/docs/254442.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://seer.support.veritas.com/docs/252933.htm", "name" : "http://seer.support.veritas.com/docs/252933.htm", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6928", "name" : "6928", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418", "name" : "veritas-bmr-root-access(11418)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:veritas:bare_metal_restore:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1362", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html", "name" : "HPSBUX0302-245", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6878", "name" : "6878", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366", "name" : "hp-bastille-info-disclosure(11366)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:bastille:b.02.00.05:*:hp-ux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1363", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0149.html", "name" : "20030212 Abyss WebServer Brute Force Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6842", "name" : "6842", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11310.php", "name" : "abyss-web-admin-bruteforce(11310)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1364", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html", "name" : "20030405 Abyss X1 1.1.2 remote crash", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7287", "name" : "7287", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11718", "name" : "abyss-http-get-dos(11718)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1365", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311414", "name" : "20030211 Security bug in CGI::Lite::escape_dangerous_chars() function", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html", "name" : "20030211 Security bug in CGI::Lite::escape_dangerous_chars() function", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm", "name" : "http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "http://use.perl.org/~cbrooks/journal/10542", "name" : "http://use.perl.org/~cbrooks/journal/10542", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6833", "name" : "6833", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3237", "name" : "3237", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11308", "name" : "cgilite-shell-command-execution(11308)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) \"\\\" (backslash), (2) \"?\", (3) \"~\" (tilde), (4) \"^\" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perl:cgi_lite:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1366", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/309962", "name" : "20030203 ASA-0001: OpenBSD chpass/chfn/chsh file content leak", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.epita.fr/~bevand_m/asa/asa-0001", "name" : "http://www.epita.fr/~bevand_m/asa/asa-0001", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6748", "name" : "6748", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3238", "name" : "3238", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006035", "name" : "1006035", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11233", "name" : "openbsd-chpass-information-disclosure(11233)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1367", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/310113", "name" : "20030204 Majordomo info leakage, all versions", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6761", "name" : "6761", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3235", "name" : "3235", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243", "name" : "majordomo-whichaccess-email-disclosure(11243)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:1.94.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:1.94.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1368", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html", "name" : "20030204 Banner Buffer Overflows found in Multible FTP Clients", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6764", "name" : "6764", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11234", "name" : "32bit-ftp-banner-bo(11234)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:electrasoft:ftp_client:9.49.01:*:32bit:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1369", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html", "name" : "20030204 Banner Buffer Overflows found in Multible FTP Clients", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6762", "name" : "6762", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11235", "name" : "bytecatcher-ftp-banner-bo(11235)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:save_it_software_pty:bytecatcherftp:1.04b:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1370", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0330.html", "name" : "20030127 [SCSA-003] Multiple Cross Site Scripting & Script Injection Vulnerabilities in Nuked-Klan", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6697", "name" : "6697", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6699", "name" : "6699", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6700", "name" : "6700", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11176", "name" : "nuked-klan-index-xss(11176)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) \"La Tribune Libre\" in the Shoutbox module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1371", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html", "name" : "20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6917", "name" : "6917", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11424", "name" : "nukedklan-information-disclosure(11424)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1372", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html", "name" : "20030219 myphpnuke xss", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6892", "name" : "6892", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/3931", "name" : "3931", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8125", "name" : "8125", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376", "name" : "phpbb-index-sql-injection(11376)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1373", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html", "name" : "20030220 phpBB Security Bugs", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6889", "name" : "6889", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407", "name" : "phpbb-auth-read-files(11407)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1374", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0156.html", "name" : "20030213 HPUX disable buffer overflow vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6845", "name" : "6845", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11316", "name" : "hp-lp-disable-bo(11316)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1375", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/310908", "name" : "20030207 HPUX Wall Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/advisories/5369", "name" : "HPSBUX0305-258", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6800", "name" : "6800", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3264", "name" : "3264", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11272", "name" : "hp-wall-bo(11272)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5439", "name" : "oval:org.mitre.oval:def:5439", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1376", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311059", "name" : "20030208 Yet another plaintext attack to ZIP encryption scheme.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6805", "name" : "6805", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3265", "name" : "3265", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11296", "name" : "winzip-pkzip-weak-encryption(11296)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1377", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312924", "name" : "20030223 sircd proof-of-concept / advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6924", "name" : "6924", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11409", "name" : "sircd-reverse-dns-bo(11409)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sircd:sircd:0.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sircd:sircd:0.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 8.5, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1378", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312910", "name" : "20030223 O UT LO OK E XPRE SS 6 .00 : broken", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/312929", "name" : "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6923", "name" : "6923", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411", "name" : "outlook-codebase-execute-programs(11411)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 8.8 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1379", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313080", "name" : "20030225 clarkconnect(d) information disclosure", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6934", "name" : "6934", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11419", "name" : "clarkconnect-clarkconnectd-info-disclosure(11419)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:point_clark_networks:clarkconnect:1.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1380", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312032", "name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6873", "name" : "6873", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347", "name" : "bisonftp-ls-view-files(11347)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:bisonftp:bisonftp_server_4:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1381", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-134" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313273", "name" : "20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6968", "name" : "6968", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3258", "name" : "3258", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11427", "name" : "amx-amxsay-format-string(11427)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:amxmod.net:amx_mod:0.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1382", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313363", "name" : "20030227 ISMAIL (All Versions) Remote Buffer Overrun", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6972", "name" : "6972", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3254", "name" : "3254", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11432", "name" : "ismail-smtp-domain-bo(11432)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:instantservers_inc.:ismail:1.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1383", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313575", "name" : "20030301 web-erp 0.1.4 database access vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6996", "name" : "6996", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3257", "name" : "3257", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11443", "name" : "weberp-logicworks-ini-access(11443)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:logicworks:web_erp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1384", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00024.html", "name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004015.html", "name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0102.html", "name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.security-corp.org/advisories/SCSA-008.txt", "name" : "http://www.security-corp.org/advisories/SCSA-008.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6997", "name" : "6997", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11448", "name" : "pylivredor-guestbook-xss(11448)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:py_software:py-livredor:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1385", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html", "name" : "20030227 Invision Power Board (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6976", "name" : "6976", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/3357", "name" : "3357", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8182", "name" : "8182", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435", "name" : "invision-ipchat-file-include(11435)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1386", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html", "name" : "20030228 axis2400 webcams", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html", "name" : "20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.websec.org/adv/axis2400.txt.html", "name" : "http://www.websec.org/adv/axis2400.txt.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6980", "name" : "6980", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11440", "name" : "axis-messages-unauth-access(11440)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1387", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311194", "name" : "20030209 Opera Username Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315794", "name" : "20030320 Opara 6.06 Released, Security-Hole Left", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6811", "name" : "6811", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3253", "name" : "3253", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11281", "name" : "opera-username-url-bo(11281)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1388", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0116.html", "name" : "20030407 Unchecked Buffer in Opera 7.02", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11740", "name" : "opera-long-url-bo(11740)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera:7.02_build_2668:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1389", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311176", "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6815", "name" : "6815", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11294", "name" : "cryptobuddy-truncate-weak-security(11294)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311176", "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11297", "name" : "cryptobuddy-plaintext-password-bytes(11297)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1391", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311176", "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6810", "name" : "6810", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11298", "name" : "cryptobuddy-password-dictionary(11298)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1392", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311176", "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6812", "name" : "6812", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11317", "name" : "cryptobuddy-password-information-disclosure(11317)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 6.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1393", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311159", "name" : "20030210 Buffer OverFlow in SQLBase 8.1.0 - NII Advisory", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/314379", "name" : "20030308 NII Advisory - Buffer Overflow in SQLBase (Revised)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6808", "name" : "6808", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8023", "name" : "8023", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3256", "name" : "3256", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11269", "name" : "sqlbase-execute-long-bo(11269)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gupta_technologies:sqlbase:8.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 6.8, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313580", "name" : "20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6995", "name" : "6995", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3259", "name" : "3259", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11447", "name" : "coffeecup-password-file-retrieval(11447)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coffeecup_software:coffeecup_password_wizard:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1395", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/309935", "name" : "20030202 Denial of service against Kazaa Media Desktop v2", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6747", "name" : "6747", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3252", "name" : "3252", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11228", "name" : "kazaa-automated-ad-bo(11228)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 8.5, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1396", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html", "name" : "20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7450", "name" : "7450", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11894", "name" : "opera-file-extension-bo(11894)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1397", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311214", "name" : "20030210 Java-Applet crashes Opera 6.05 and 7.01", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6814", "name" : "6814", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3255", "name" : "3255", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11280", "name" : "opera-plugincontextshowdocument-bo(11280)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1398", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0131.html", "name" : "20030211 Field Notice - IOS Accepts ICMP Redirects in Non-default Configuration Settings", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6823", "name" : "6823", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006075", "name" : "1006075", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11306", "name" : "cisco-ios-icmp-redirect(11306)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1399", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0278.html", "name" : "20030222 eject 2.0.10 vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6914", "name" : "6914", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11380", "name" : "linux-eject-information-disclosure(11380)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/309959", "name" : "20030203 PHP-Nuke Avatar Code injection vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/310115", "name" : "20030204 Re: PHP-Nuke Avatar Code injection vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6750", "name" : "6750", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11229", "name" : "phpnuke-avatar-code-execution(11229)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1401", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html", "name" : "20030215 php-Board (php)", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6862", "name" : "6862", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11338", "name" : "phpboard-login-plaintext-passwords(11338)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:php_board:php_board:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1402", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0071.html", "name" : "20030215 Kietu ( PHP )", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6863", "name" : "6863", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/10754", "name" : "10754", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.osvdb.org/3777", "name" : "3777", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11341", "name" : "kietu-hit-file-include(11341)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kietu:kietu:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kietu:kietu:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1403", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html", "name" : "20030215 DotBr (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6864", "name" : "6864", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/5091", "name" : "5091", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11353", "name" : "dotbr-foo-info-disclosure(11353)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1404", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html", "name" : "20030215 DotBr (PHP)", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6865", "name" : "6865", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/5092", "name" : "5092", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11354", "name" : "dotbr-config-info-disclosure(11354)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1405", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html", "name" : "20030215 DotBr (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6866", "name" : "6866", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6867", "name" : "6867", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/5089", "name" : "5089", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/5090", "name" : "5090", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11355", "name" : "dotbr-exec-execute-commands(11355)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1406", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html", "name" : "20030216 D-Forum (PHP)", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6879", "name" : "6879", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11342", "name" : "dform-header-file-include(11342)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1407", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311359", "name" : "20030211 SECURITY.NNOV: Windows NT 4.0/2000 cmd.exe long path buffer overflow/DoS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6829", "name" : "6829", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3251", "name" : "3251", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11329", "name" : "win-cmd-cd-bo(11329)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1408", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311660", "name" : "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/311806", "name" : "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6841", "name" : "6841", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311", "name" : "lotus-domino-dot-file-download(11311)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lotus:domino_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lotus:domino_server:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1409", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html", "name" : "20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6768", "name" : "6768", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8008", "name" : "8008", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11248", "name" : "topo-path-disclosure(11248)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ej3:topo:1.43:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1410", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311173", "name" : "20030209 Cedric Email Reader (PHP)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6818", "name" : "6818", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/5487", "name" : "5487", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8024", "name" : "8024", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278", "name" : "cedric-email-file-include(11278)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1411", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311173", "name" : "20030209 Cedric Email Reader (PHP)", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6820", "name" : "6820", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/5900", "name" : "5900", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8024", "name" : "8024", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278", "name" : "cedric-email-file-include(11278)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html", "name" : "20030223 GOnicus System Administrator php injection", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6922", "name" : "6922", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1006162", "name" : "1006162", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8120", "name" : "8120", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11408", "name" : "gosa-plugin-file-include(11408)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/313282/30/25760/threaded", "name" : "20030224 GOnicus System Administrator php injection", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gonicus:gonicus_system_administration:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1413", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313517", "name" : "20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6992", "name" : "6992", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3260", "name" : "3260", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11445", "name" : "darwin-dotdot-file-existence(11445)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using \"..\" sequences in the filename parameter and comparing the resulting error messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1414", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313517", "name" : "20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6990", "name" : "6990", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3260", "name" : "3260", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11446", "name" : "darwin-dotdotdot-directory-traversal(11446)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1415", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312187", "name" : "20030218 [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6877", "name" : "6877", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8091", "name" : "8091", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3261", "name" : "3261", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11345", "name" : "netcharts-chunked-encoding-bo(11345)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:visual_mining:netcharts_xbrl_server:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1416", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312032", "name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6869", "name" : "6869", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11346", "name" : "bisonftp-ls-cwd-dos(11346)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:bisonftp:bisonftp_server_4:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1417", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html", "name" : "http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6927", "name" : "6927", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://marc.info/?l=bugtraq&m=104619088801750&w=2", "name" : "20030225 nCipher Advisory #7: Unexpected copies of imported software keys", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11422", "name" : "ncipher-duplicate-keys(11422)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ncipher:support_software:6.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1418", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openbsd.org/errata32.html", "name" : "[3.2] 008: SECURITY FIX: February 25, 2003", "refsource" : "OPENBSD", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6939", "name" : "6939", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6943", "name" : "6943", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11438", "name" : "apache-mime-information-disclosure(11438)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-20T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1419", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html", "name" : "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6959", "name" : "6959", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444", "name" : "netscape-javascript-reformatdate-dos(11444)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1420", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313216", "name" : "20030226 Secunia Research: Opera browser Cross Site Scripting", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6962", "name" : "6962", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11423", "name" : "opera-automatic-redirection-xss(11423)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1421", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6854", "name" : "6854", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11340", "name" : "suckbot-modmysqllogger-dos(11340)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suckbot:suckbot:0.006:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1422", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" }, { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://syslinux.zytor.com/history.php", "name" : "http://syslinux.zytor.com/history.php", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6876", "name" : "6876", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8077", "name" : "8077", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11351", "name" : "syslinux-gain-privileges(11351)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gentoo:syslinux:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1423", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://securitytracker.com/id?1006117", "name" : "1006117", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11358", "name" : "petitforum-liste-info-disclosure(11358)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:petitforum:petitforum:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1424", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://securitytracker.com/id?1006117", "name" : "1006117", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11359", "name" : "petitforum-message-auth-bypass(11359)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:petitforum:petitforum:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1425", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html", "name" : "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6882", "name" : "6882", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356", "name" : "cpanel-guestbook-command-execution(11356)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1426", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html", "name" : "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6885", "name" : "6885", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357", "name" : "cpanel-scriptfilename-gain-privileges(11357)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1427", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311160", "name" : "20030209 Bug in Netgear FM114P Wireless Router firmware", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6807", "name" : "6807", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11279", "name" : "netgear-fm114p-directory-traversal(11279)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:netgear:fm114p:1.4_beta_release_17:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1428", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311161", "name" : "20030210 Gallery 1.3.3", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6809", "name" : "6809", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11284", "name" : "gallery-album-insecure-directory(11284)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bharat_mediratta:gallery:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1429", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0088.html", "name" : "20030219 [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11364", "name" : "proxomitron-parameter-length-bo(11364)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:proxomitron:proxomitron_naoko:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1430", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html", "name" : "20030205 Unreal engine: results of my research", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html", "name" : "20030211 Re: Epic Games threatens to sue security researchers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6775", "name" : "6775", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11299", "name" : "ut-file-directory-traversal(11299)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a \"..\" (dot dot) in an unreal:// URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1431", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html", "name" : "20030205 Unreal engine: results of my research", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html", "name" : "20030211 Re: Epic Games threatens to sue security researchers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.pivx.com/luigi/adv/ueng-adv.txt", "name" : "http://www.pivx.com/luigi/adv/ueng-adv.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6774", "name" : "6774", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11301", "name" : "ut-url-memory-corruption(11301)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1432", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" }, { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html", "name" : "20030205 Unreal engine: results of my research", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html", "name" : "20030211 Re: Epic Games threatens to sue security researchers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html", "name" : "20030513 UT2003 client passive DoS exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6770", "name" : "6770", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6772", "name" : "6772", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12012", "name" : "ut-negative-udp-dos(12012)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11305", "name" : "ut-negative-memory-corruption(11305)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11302", "name" : "ut-packet-dos(11302)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:demo_version_2206_win32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:demo_version_2206_linux:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1433", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html", "name" : "20030205 Unreal engine: results of my research", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html", "name" : "20030211 Re: Epic Games threatens to sue security researchers", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.pivx.com/luigi/adv/ueng-adv.txt", "name" : "http://www.pivx.com/luigi/adv/ueng-adv.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6771", "name" : "6771", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11304", "name" : "ut-join-request-dos(11304)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1434", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0244.html", "name" : "20030220 login_ldap security announcement", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6903", "name" : "6903", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11374", "name" : "loginldap-password-bypass(11374)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pete_werner:login_ldap:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pete_werner:login_ldap:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1435", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html", "name" : "20030220 PHPNuke SQL Injection", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6887", "name" : "6887", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11375", "name" : "phpnuke-search-sql-injection(11375)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1436", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6731", "name" : "6731", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securitytracker.com/id?1006031", "name" : "1006031", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7986", "name" : "7986", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11217", "name" : "nukebrowser-php-file-include(11217)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1437", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp", "name" : "BEA03-25.00", "refsource" : "BEA", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/6719", "name" : "6719", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11220", "name" : "weblogic-keystore-plaintext-passwords(11220)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11i:v1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1438", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp", "name" : "BEA03-26.01", "refsource" : "BEA", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6717", "name" : "6717", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006018", "name" : "1006018", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221", "name" : "weblogic-clustered-race-condition(11221)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1439", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/309775", "name" : "20030201 silc question - insecure memory", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6743", "name" : "6743", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11244", "name" : "silc-plaintext-account-information(11244)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/309941/30/26090/threaded", "name" : "20030201 Re: silc question - insecure memory", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1440", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=137128", "name" : "http://sourceforge.net/project/shownotes.php?release_id=137128", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6739", "name" : "6739", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7994", "name" : "7994", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id?1006038", "name" : "1006038", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11247", "name" : "spamprobe-newlines-href-dos(11247)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:burton_computer_corporation:spamprobe:0.8a:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1441", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.posadis.org/advisories/pos_adv_003.txt", "name" : "http://www.posadis.org/advisories/pos_adv_003.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6799", "name" : "6799", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.osvdb.org/3522", "name" : "3522", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8018", "name" : "8018", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11285", "name" : "posadis-dns-packet-dos(11285)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1442", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html", "name" : "20030211 Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6824", "name" : "6824", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104619331706574&w=2", "name" : "20030225 RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11290", "name" : "ericsson-hm220dp-auth-bypass(11290)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:ericsson:hm220dp_adsl_modem:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1443", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html", "name" : "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11292", "name" : "kav-device-name-bypass(11292)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1444", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html", "name" : "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291", "name" : "kav-long-path-dos(11291)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1445", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/311334", "name" : "20030211 SECURITY.NNOV: Far buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6822", "name" : "6822", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3281", "name" : "3281", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293", "name" : "far-long-path-bo(11293)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.65:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.70_beta_1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.70_beta_4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1446", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0260.html", "name" : "20030221 Rogue buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/6912", "name" : "6912", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11382", "name" : "rogue-saveintofile-bo(11382)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rogue:rogue:5.2-2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rogue:rogue:985.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/310118", "name" : "20030204 Weak password protection in WebSphere 4.0.4 XML configuration export", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/310796", "name" : "20030206 Re: Weak password protection in WebSphere 4.0.4 XML configuration export", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6758", "name" : "6758", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3277", "name" : "3277", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11245", "name" : "websphere-xml-weak-encryption(11245)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:websphere_application_server:4.0.4:*:advanced_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html", "name" : "http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6766", "name" : "6766", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11274", "name" : "win2k-netbios-continuation-dos(11274)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2019-04-30T14:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1449", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0088.html", "name" : "20030206 FW-1 NG FP3 Bug - Data flow problem when transferring large files", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6787", "name" : "6787", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11295", "name" : "esafe-gateway-filter-bypass(11295)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aladdin_knowledge_systems:esafe_gateway:3.5.126.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1450", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/312133", "name" : "20030217 [argv] BitchX-353 Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003850.html", "name" : "20030217 [argv] BitchX-353 Vulnerability", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.linuxsecurity.com/content/view/104622/104/", "name" : "200302-11", "refsource" : "GENTOO", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6880", "name" : "6880", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3279", "name" : "3279", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11363", "name" : "bitchx-irc-namreply-dos(11363)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c20cvs:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:75p3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1451", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-02/0233.html", "name" : "20030219 [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.lac.co.jp/security/english/snsadv_e/61_e.html", "name" : "http://www.lac.co.jp/security/english/snsadv_e/61_e.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html", "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6886", "name" : "6886", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11365", "name" : "nav-email-filename-bo(11365)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1452", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319811", "name" : "20030428 Qpopper v4.0.x poppassd local root exploit", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0047.html", "name" : "20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7447", "name" : "7447", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3268", "name" : "3268", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11877", "name" : "qpopper-poppassd-root-access(11877)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0_b14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.5_fc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1453", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319715", "name" : "20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7434", "name" : "7434", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3269", "name" : "3269", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11872", "name" : "xoops-mytextsanitizer-xss(11872)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1454", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319747", "name" : "20030425 Invision Power Board Plaintext Password Disclosure Vuln", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7440", "name" : "7440", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3276", "name" : "3276", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871", "name" : "invision-admin-plaintext-password(11871)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1455", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=138437", "name" : "http://sourceforge.net/project/shownotes.php?release_id=138437", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7582", "name" : "7582", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7590", "name" : "7590", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12101", "name" : "poptop-launchbcrelay-pptpctrlc-bo(12101)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1456", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319763", "name" : "20030426 Album.pl Vulnerability - Remote Command Execution", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720", "name" : "http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7444", "name" : "7444", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3270", "name" : "3270", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11878", "name" : "albumpl-command-execution(11878)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mike_bobbitt:album.pl:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.1", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1457", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319946", "name" : "20030429 Auerswald COMsuite/ Back Door", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7458", "name" : "7458", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3282", "name" : "3282", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11923", "name" : "comsuite-runasositron-backdoor-account(11923)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Auerswald COMsuite CTI ControlCenter 3.1 creates a default \"runasositron\" user account with an easily guessable password, which allows local users or remote attackers to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:auerswald:comsuite_cti_controlcenter:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1458", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321000", "name" : "20030509 ttcms and ttforum exploits", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7543", "name" : "7543", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3278", "name" : "3278", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12273", "name" : "ttcms-profile-sql-injection(12273)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttcms:ttcms:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1459", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321000", "name" : "20030509 ttcms and ttforum exploits", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7542", "name" : "7542", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3278", "name" : "3278", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12271", "name" : "ttcms-ttforum-file-include(12271)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttcms:ttcms:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1460", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en", "name" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7460", "name" : "7460", "refsource" : "BID", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1461", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320323", "name" : "20030502 HP-UX 11.0 /usr/lbin/rwrite", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/320371", "name" : "20030503 rwrite buffer overflow in hp-ux", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7489", "name" : "7489", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3283", "name" : "3283", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11919", "name" : "hp-rwrite-bo(11919)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897", "name" : "oval:org.mitre.oval:def:4897", "refsource" : "OVAL", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1462", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0058.html", "name" : "20030504 Mod_Survey SYSBASE vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://gathering.itm.mh.se/modsurvey/SA20030504.txt", "name" : "http://gathering.itm.mh.se/modsurvey/SA20030504.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://gathering.itm.mh.se/modsurvey/changelog.php", "name" : "http://gathering.itm.mh.se/modsurvey/changelog.php", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7498", "name" : "7498", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11861", "name" : "modsurvey-nonexistent-survey-dos(11861)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1463", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319735", "name" : "20030425 Path disclosure and file access on WebAdmin", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7438", "name" : "7438", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7439", "name" : "7439", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3286", "name" : "3286", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11875", "name" : "webadmin-webadmindll-view-files(11875)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11874", "name" : "webadmin-webadmindll-path-disclosure(11874)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1464", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320555", "name" : "20030506 Siemens Mobile Phone - Buffer Overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7507", "name" : "7507", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3287", "name" : "3287", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11950", "name" : "siemens-sms-image-bo(11950)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:siemens:m45:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:siemens:s45:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1465", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321310", "name" : "20030513 Phorum Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7569", "name" : "7569", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3288", "name" : "3288", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482", "name" : "phorum-download-directory-traversal(12482)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1466", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321310", "name" : "20030513 Phorum Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7581", "name" : "7581", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7583", "name" : "7583", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3288", "name" : "3288", "refsource" : "SREASON", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1467", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321310", "name" : "20030513 Phorum Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7572", "name" : "7572", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7573", "name" : "7573", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7576", "name" : "7576", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7577", "name" : "7577", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7584", "name" : "7584", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3288", "name" : "3288", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12502", "name" : "phorum-register-html-injection(12502)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12487", "name" : "phorum-multiple-xss(12487)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1468", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321313", "name" : "20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7589", "name" : "7589", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12436", "name" : "phpnuke-weblinks-path-disclosure(12436)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1469", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319867", "name" : "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.nii.co.in/vuln/pdmac.html", "name" : "http://www.nii.co.in/vuln/pdmac.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7443", "name" : "7443", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3307", "name" : "3307", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879", "name" : "coldfusion-mx-path-disclosure(11879)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion_professional:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:*:*:developer:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319879", "name" : "20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7446", "name" : "7446", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3296", "name" : "3296", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11896", "name" : "mdaemon-imap-create-bo(11896)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1471", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html", "name" : "20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html", "name" : "20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7445", "name" : "7445", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11882", "name" : "mdaemon-pop3-negative-dos(11882)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1472", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319818", "name" : "20030428 Buffer overflow in 3D-ftp", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7451", "name" : "7451", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3297", "name" : "3297", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11883", "name" : "3dftp-ftp-banner-bo(11883)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:3d-ftp:3d-ftp:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1473", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html", "name" : "20030509 ltris-and-slashem-tty possible trouble", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/321001", "name" : "20030508 ltris-and-slashem-tty possible trouble", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7537", "name" : "7537", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11978", "name" : "ltris-bo(11978)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid \"games\" permission via a long HOME environment variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lgames:ltris:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1474", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html", "name" : "20030509 ltris-and-slashem-tty possible trouble", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/321001", "name" : "20030508 ltris-and-slashem-tty possible trouble", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.iss.net/security_center/static/11979.php", "name" : "slashem-tty-insecure-permissions(11979)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freebsd:slashem-tty:0.0.6e.4f.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1475", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320980", "name" : "20030509 Netbus 1.x exploit", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7538", "name" : "7538", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3289", "name" : "3289", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11982", "name" : "netbus-password-authentication-bypass(11982)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1476", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues", "name" : "http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7556", "name" : "7556", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cerberus:ftp_server:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1477", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", "name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7562", "name" : "7562", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12052", "name" : "mailsweeper-powerpoint-file-dos(12052)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains \"embedded objects.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper_for_smtp:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper_for_smtp:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1478", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320266", "name" : "20030502 Re: April appeared to be a month of IE bugs. Here", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7486", "name" : "7486", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11971", "name" : "kde-konqueror-dos(11971)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a \"xFFxFE\" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1479", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320345", "name" : "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt", "name" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7490", "name" : "7490", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3304", "name" : "3304", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952", "name" : "webcamxp-multiple-xss(11952)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:darkwet:webcam_xp:1.02.432:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:darkwet:webcam_xp:1.02.535:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1480", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/tools/5WP031FA0U.html", "name" : "http://www.securiteam.com/tools/5WP031FA0U.html", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7500", "name" : "7500", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8753", "name" : "8753", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2019-12-17T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1481", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320438", "name" : "20030504 CommuniGatePro 4.0.6 [EXPLOIT]", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7501", "name" : "7501", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3290", "name" : "3290", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11932", "name" : "communigate-pro-session-hijacking(11932)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2_b5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2_b7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0_b2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3_b2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.4_b3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0_b3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3_b1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1482", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kurczaba.com/html/security/0305031.htm", "name" : "http://www.kurczaba.com/html/security/0305031.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7496", "name" : "7496", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006691", "name" : "1006691", "refsource" : "SECTRACK", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:microsoft:mn-500_wireless_base_station:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1483", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" }, { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c", "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7499", "name" : "7499", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securitytracker.com/id?1006730", "name" : "1006730", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12298", "name" : "flashfxp-weak-password-encryption(12298)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flashfxp:flashfxp:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1484", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320544", "name" : "20030505 Crash in Internet Explorer 6.0 Sp1", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7502", "name" : "7502", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3292", "name" : "3292", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946", "name" : "ie-anchorclick-dos(11946)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1485", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", "name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7568", "name" : "7568", "refsource" : "BID", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains \"multiple extensions combined with large blocks of white space.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1486", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321310", "name" : "20030513 Phorum Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7571", "name" : "7571", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3288", "name" : "3288", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12499", "name" : "phorum-multiple-path-disclosure(12499)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1487", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/321310", "name" : "20030513 Phorum Vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7574", "name" : "7574", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7578", "name" : "7578", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/7579", "name" : "7579", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3288", "name" : "3288", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12500", "name" : "phorum-command-execution(12500)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple \"command injection\" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1488", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7427", "name" : "7427", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8683", "name" : "8683", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=vulnwatch&m=105128431109082&w=2", "name" : "20030425 True Galerie 1.0 : Admin Access & File Copy", "refsource" : "VULNWATCH", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11886", "name" : "truegalerie-verifadmin-admin-access(11886)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truelogik:truegalerie:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1489", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/8683", "name" : "8683", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://marc.info/?l=vulnwatch&m=105128431109082&w=2", "name" : "20030425 True Galerie 1.0 : Admin Access & File Copy", "refsource" : "VULNWATCH", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:truegalerie:truegalerie:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2016-10-18T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1490", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319712", "name" : "20030424 SonicWall Pro DoS?", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7435", "name" : "7435", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3291", "name" : "3291", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11876", "name" : "sonicwallpro-http-post-dos(11876)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:sonicwall:pro100:6.4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:sonicwall:pro200:6.4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:sonicwall:pro300:6.4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1491", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" }, { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html", "name" : "20030422 UDP bypassing in Kerio Firewall 2.1.4", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securiteam.com/securitynews/5FP0N1P9PI.html", "name" : "http://www.securiteam.com/securitynews/5FP0N1P9PI.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7436", "name" : "7436", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11880", "name" : "kerio-pf-firewall-bypass(11880)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1492", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/319919", "name" : "20030429 \"netscape navigator\" is cracked.", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7456", "name" : "7456", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924", "name" : "netscape-domain-obtain-info(11924)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1493", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0019.html", "name" : "HPSBUX0310-291", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8859", "name" : "8859", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13467", "name" : "openview-nnm-packet-dos(13467)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:hp_ux_11.x:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:nt_4.x_windows_2000:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:hp_ux_10.x:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:hp_ux_11.x:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.41:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:hp_ux_10.x:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.31:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:hp_ux_11.x:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:nt_4.x_windows_2000:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:solaris:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1494", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0019.html", "name" : "HPSBUX0310-291", "refsource" : "HP", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8859", "name" : "8859", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13467", "name" : "openview-nnm-packet-dos(13467)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1495", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.1357.1", "name" : "SSRT3632", "refsource" : "COMPAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8878", "name" : "8878", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13496", "name" : "hp-management-gain-privileges(13496)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:insight_manager:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:insight_manager:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:remote_diagnostics_enabling_agent:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1496", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/advisories/5973", "name" : "SSRT3589", "refsource" : "COMPAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8813", "name" : "8813", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9990", "name" : "9990", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13418", "name" : "tru64-dtmailpr-gain-privileges(13418)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1497", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341309", "name" : "20031015 LinkSys EtherFast Router Denial of Service Attack", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.linksys.com/download/vertxt/befsx41_1453.txt", "name" : "http://www.linksys.com/download/vertxt/befsx41_1453.txt", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8834", "name" : "8834", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3298", "name" : "3298", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13436", "name" : "linksys-etherfast-logpagenum-dos(13436)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:linksys:befsx41:1.43.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1498", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html", "name" : "20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine", "refsource" : "BUGTRAQ", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/8823", "name" : "8823", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13431", "name" : "zoom-search-xss(13431)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wrensoft:zoom_search_engine:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0_build_1018", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1499", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html", "name" : "20031019 ByteHoard Directory Traversal Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html", "name" : "20031019 ByteHoard Directory Traversal Vulnerability", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securiteam.com/unixfocus/6L00L008KE.html", "name" : "http://www.securiteam.com/unixfocus/6L00L008KE.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8850", "name" : "8850", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13456", "name" : "bytehoard-dotdot-directory-traversal(13456)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1500", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341757", "name" : "20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864", "name" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html", "name" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8851", "name" : "8851", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3301", "name" : "3301", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13457", "name" : "cpCommerce-functionsphp-file-include(13457)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cpcommerce:cpcommerce:0.5f:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1501", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341870", "name" : "20031020 Gast Arbeiter Privilege Escalation", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8858", "name" : "8858", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13469", "name" : "gast-arbeiter-file-upload(13469)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gast_arbeiter:gast_arbeiter:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1502", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html", "name" : "20031015 Mod-Throttle [was: client attacks server - XSS]", "refsource" : "FULLDISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8822", "name" : "8822", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snert.com:mod_throttle:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1503", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0059.html", "name" : "20031015 Buffer Overflow in AOL Instant Messager", "refsource" : "NTBUGTRAQ", "tags" : [ ] }, { "url" : "http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html", "name" : "http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8825", "name" : "8825", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13443", "name" : "aim-getfile-screenname-bo(13443)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aol:instant_messenger:5.2.3292:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1504", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341760", "name" : "20031018 Get admin level on Goldlink script v3.0", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8847", "name" : "8847", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3302", "name" : "3302", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13465", "name" : "goldlink-variables-gain-access(13465)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goldscripts:goldlink:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1505", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342010", "name" : "20031022 IE6 CSS-Crash", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8874", "name" : "8874", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3295", "name" : "3295", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13809", "name" : "ie-scrollbarbasecolor-dos(13809)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1506", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342160", "name" : "20031022 CensorNet: Cross Site Scripting Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/342551", "name" : "20031027 Re: CensorNet: Cross Site Scripting Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/342577", "name" : "20031027 Re: CensorNet: Cross Site Scripting Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8876", "name" : "8876", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3299", "name" : "3299", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13507", "name" : "censornet-cgi-xss(13507)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.1_r5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.1_r6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1507", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341329", "name" : "20031015 Few issues previously unpublished in English", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8837", "name" : "8837", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1007924", "name" : "1007924", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13446", "name" : "wgsd-default-admin-account(13446)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default \"superuser\" account with the \"planet\" password, which allows remote attackers to gain administrative access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:planet_technology_corp:wgsd-1020:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:planet_technology_corp:wsw-2401:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1508", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/342179", "name" : "20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.irchelp.org/irchelp/mirc/exploit.html", "name" : "http://www.irchelp.org/irchelp/mirc/exploit.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8880", "name" : "8880", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3303", "name" : "3303", "refsource" : "SREASON", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mirc:mirc:6.12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1509", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://service.real.com/help/faq/security/securityupdate_october2003.html", "name" : "http://service.real.com/help/faq/security/securityupdate_october2003.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8839", "name" : "8839", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445", "name" : "realoneplayer-temporary-script-execution(13445)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1510", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html", "name" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8810", "name" : "8810", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13402", "name" : "tinyweb-httpget-dos(13402)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a \".%00.\" in an HTTP GET request to the cgi-bin directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rit_research_labs:tinyweb:1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1511", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341452", "name" : "20031016 CSS Vulnerability in Bajie HTTP JServer", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8841", "name" : "8841", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://secunia.com/advisories/10023", "name" : "10023", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3306", "name" : "3306", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.geocities.com/gzhangx/websrv/docs/security.html", "name" : "http://www.geocities.com/gzhangx/websrv/docs/security.html", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxc:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxv4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:d:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1512", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8818", "name" : "8818", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:khaled_mardam-bey:mirc:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:khaled_mardam-bey:mirc:6.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1513", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html", "name" : "20031019 Caucho Resin 2.x - Cross Site Scripting", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8852", "name" : "8852", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/10031", "name" : "10031", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460", "name" : "resin-name-comment-xss(13460)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1514", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341754", "name" : "20031019 eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8854", "name" : "8854", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3294", "name" : "3294", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13464", "name" : "emule-long-password-dos(13464)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:emule:emule:0.29c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1515", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341752", "name" : "20031012 Origo ASR-8100 ADSL router remote factory reset", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8855", "name" : "8855", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3300", "name" : "3300", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13463", "name" : "origo-default-settings-restore(13463)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:origo:asr-8100:adsl_router_3.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:origo:asr-8400:adsl_router:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1516", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341815", "name" : "20031020 Cross Site Java applets", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8857", "name" : "8857", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1517", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/securitynews/6T00T008KG.html", "name" : "http://www.securiteam.com/securitynews/6T00T008KG.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8860", "name" : "8860", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13461", "name" : "dansie-cartpl-path-disclosure(13461)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dansie:shopping_cart:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1518", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/6L00F158KE.html", "name" : "http://www.securiteam.com/windowsntfocus/6L00F158KE.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.adiscon.com/Common/en/advisory/2003-09-15.asp", "name" : "http://www.adiscon.com/Common/en/advisory/2003-09-15.asp", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8821", "name" : "8821", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13428", "name" : "winsyslog-long-syslog-dos(13428)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adiscon:winsyslog:4.21_sp1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adiscon:winsyslog:5.0_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1519", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/8862", "name" : "8862", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securitytracker.com/id?1007955", "name" : "1007955", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13452", "name" : "vívísimo-clustering-engine-xss(13452)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vivisimo:clustering_engine:0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1520", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341908", "name" : "20031021 SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version", "refsource" : "BUGTRAQ", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes", "name" : "http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8863", "name" : "8863", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://securityreason.com/securityalert/3293", "name" : "3293", "refsource" : "SREASON", "tags" : [ "Exploit", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fuzzymonkey:myclassifieds:2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1521", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341943", "name" : "20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8867", "name" : "8867", "refsource" : "BID", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_02:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1522", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/6S00S008KW.html", "name" : "http://www.securiteam.com/windowsntfocus/6S00S008KW.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.pscs.co.uk/products/vpop3/whatsnew.html", "name" : "http://www.pscs.co.uk/products/vpop3/whatsnew.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8869", "name" : "8869", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13459", "name" : "vpop3-login-xss(13459)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pscs:vpop3_web_mail_server:2.0e:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pscs:vpop3_web_mail_server:2.0f:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1523", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html", "name" : "[Dbmail] 20030725 WARNING SECURITY FLAW IN IMAPSERVER", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8829", "name" : "8829", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/10001", "name" : "10001", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13416", "name" : "dbmail-multiple-sql-injection(13416)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dbmail:dbmail:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dbmail:dbmail:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1524", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html", "name" : "http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8870", "name" : "8870", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13490", "name" : "pgpdisk-obtain-information(13490)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pgpi:pgpdisk:6.0.2i:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 6.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1525", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html", "name" : "http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/8872", "name" : "8872", "refsource" : "BID", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13498", "name" : "myphotogallery-unknown-vulnerabilities(13498)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:my_photo_gallery:my_photo_gallery:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1526", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/341743", "name" : "20031018 PHP-Nuke Path Disclosure Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/8848", "name" : "8848", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) \", (2) ', or (3) > in the search field, which reveals the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1527", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://online.securityfocus.com/archive/1/294411", "name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/5917", "name" : "5917", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.iss.net/security_center/static/10314.php", "name" : "firewall-autoblock-spoofing-dos(10314)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:internet_security_systems_blackice_defender:2.9cap:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iss:blackice_server_protection:3.5.cdf:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1528", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/9446", "name" : "9446", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1008801", "name" : "1008801", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3353", "name" : "3353", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/350237/30/21640/threaded", "name" : "20040119 Networker 6.0 - possible symlink attack", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fujitsu:siemens_networker:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1529", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0357.html", "name" : "20030325 IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.irmplc.com/advisory/adv5.htm", "name" : "http://www.irmplc.com/advisory/adv5.htm", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7160", "name" : "7160", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4927", "name" : "4927", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006378", "name" : "1006378", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8411", "name" : "8411", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11623", "name" : "jwalk-dotdot-directory-traversal(11623)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a \".%252e\" (encoded dot dot) in the URL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seagull_software_systems:j_walk_application_server:3.2c9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1530", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0125.html", "name" : "20030116 phpBB SQL Injection vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6634", "name" : "6634", "refsource" : "BID", "tags" : [ "Exploit", "Patch" ] }, { "url" : "http://www.osvdb.org/4277", "name" : "4277", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7887/", "name" : "7887", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/307212/30/26300/threaded", "name" : "20030117 phpBB SQL Injection vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb:phpbb:2.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : true, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1531", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=104878375423320&w=2", "name" : "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR", "name" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7214", "name" : "7214", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006391", "name" : "1006391", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8456", "name" : "8456", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638", "name" : "ceilidh-textcgi-xss(11638)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lilikoi:ceilidh:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.70", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1532", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6746", "name" : "6746", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1006030", "name" : "1006030", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/7990", "name" : "7990", "refsource" : "SECUNIA", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3348", "name" : "3348", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/309921/30/26090/threaded", "name" : "20030203 phpMyShop (php)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:julien_desaunay:phpmyshop:1.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1533", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/6594", "name" : "6594", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1005948", "name" : "1005948", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3349", "name" : "3349", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/307224/30/26300/threaded", "name" : "20030113 phpPass (PHP)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phppass:phppass:2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1534", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7233", "name" : "7233", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006412", "name" : "1006412", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8475", "name" : "8475", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3347", "name" : "3347", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/316745/30/25280/threaded", "name" : "20030329 Justice Guestbook 1.3 vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:justice_media:guestbook:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1535", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7234", "name" : "7234", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1006412", "name" : "1006412", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8475", "name" : "8475", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3347", "name" : "3347", "refsource" : "SREASON", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/archive/1/316745/30/25280/threaded", "name" : "20030329 Justice Guestbook 1.3 vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:justice_media:guestbook:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1536", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html", "name" : "20030318 Some XSS vulns", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7141", "name" : "7141", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7144", "name" : "7144", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.osvdb.org/7021", "name" : "7021", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.osvdb.org/7022", "name" : "7022", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8358", "name" : "8358", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11602", "name" : "dcpportal-search-calendar-xss(11602)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dcp-portal:dcp-portal:5.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-07-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1537", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html", "name" : "20030309 Postnuke v 0.723 SQL injection and directory traversing", "refsource" : "VULNWATCH", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.723", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1538", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/linux/security/advisories/2003_005_susehelp.html", "name" : "SUSE-SA:2003:005", "refsource" : "SUSE", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005954", "name" : "1005954", "refsource" : "SECTRACK", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7906", "name" : "7906", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:suse_linux_openexchange_server:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:office_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1539", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sourceforge.net/project/shownotes.php?release_id=144274", "name" : "http://sourceforge.net/project/shownotes.php?release_id=144274", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842", "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842", "refsource" : "CONFIRM", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/7035", "name" : "7035", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/8257", "name" : "8257", "refsource" : "SECUNIA", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onedotoh:simple_file_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1540", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7147", "name" : "7147", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006352", "name" : "1006352", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8396", "name" : "8396", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3645", "name" : "3645", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11571", "name" : "wf-chat-plaintext-passwords(11571)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315583/30/25430/threaded", "name" : "20030319 WF-Chat", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wfchat:wfchat:1.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1541", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7167", "name" : "7167", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006360", "name" : "1006360", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8392", "name" : "8392", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3653", "name" : "3653", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11609", "name" : "guestbooktr3a-plaintext-password-disclosure(11609)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315895/30/25400/threaded", "name" : "20030321 Guestbook tr3.a", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:planetmoon:guestbook:tr3.a.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1542", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://platon.sk/projects/release_view_page.php?release_id=2", "name" : "http://platon.sk/projects/release_view_page.php?release_id=2", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/6933", "name" : "6933", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8183", "name" : "8183", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ondrej_jombik:phpwebfilemanager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T20:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1543", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.geocities.com/gzhangx/websrv/docs/security.html", "name" : "http://www.geocities.com/gzhangx/websrv/docs/security.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.lucaercoli.it/advs/bajie.txt", "name" : "http://www.lucaercoli.it/advs/bajie.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://www.securiteam.com/securitynews/5LP10009FC.html", "name" : "http://www.securiteam.com/securitynews/5LP10009FC.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7344", "name" : "7344", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006428", "name" : "1006428", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8477", "name" : "8477", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11687", "name" : "bajie-error-message-xss(11687)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxc:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/308059", "name" : "20030123 DoS attack on Windows 2000 Terminal Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/308164", "name" : "20030124 RE: DoS attack on Windows 2000 Terminal Server", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://support.microsoft.com/kb/815225/en-us", "name" : "815225", "refsource" : "MSKB", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6672", "name" : "6672", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1005986", "name" : "1005986", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/7959", "name" : "7959", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3654", "name" : "3654", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11816", "name" : "win2k-terminal-msgina-permissions(11816)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11141", "name" : "win2k-terminal-msgina-dos(11141)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1545", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/316198/30/25340/threaded", "name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316233/30/25340/threaded", "name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316341/30/25310/threaded", "name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316327/30/25340/threaded", "name" : "20030326 Re: PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7191", "name" : "7191", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006377", "name" : "1006377", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316585/30/25310/threaded", "name" : "20030327 Re: PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316209/30/25340/threaded", "name" : "20030325 Re: PHPNuke viewpage.php and another SQL injections", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316179/30/25340/threaded", "name" : "20030325 PHPNuke viewpage.php allows Remote File retrieving", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nukestyles:viewpage:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpnuke:nukestyles_viewpage_module:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1546", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html", "name" : "20030314 Guestbook v1.1.3 CSS Vuln", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7104", "name" : "7104", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006289", "name" : "1006289", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8317", "name" : "8317", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11540", "name" : "filebased-guestbook-gbook-xss(11540)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:filebased:guestbook:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1547", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7248", "name" : "7248", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8478", "name" : "8478", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3718", "name" : "3718", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11675", "name" : "phpnuke-blockforums-subject-xss(11675)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/317230/30/25220/threaded", "name" : "20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316925/30/25250/threaded", "name" : "20030331 PHP-Nuke block-Forums.php subject vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1548", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7126", "name" : "7126", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1006308", "name" : "1006308", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8320", "name" : "8320", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3717", "name" : "3717", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11556", "name" : "myabracadaweb-index-path-disclosure(11556)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315317/30/25460/threaded", "name" : "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myabracadaweb:myabracadaweb:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1549", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip", "name" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3", "name" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7127", "name" : "7127", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006308", "name" : "1006308", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8320", "name" : "8320", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3717", "name" : "3717", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11557", "name" : "myabracadaweb-index-makw-xss(11557)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315317/30/25460/threaded", "name" : "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myabracadaweb:myabracadaweb:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1550", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=104820295115420&w=2", "name" : "20030320 [SCSA-011] Path Disclosure Vulnerability in XOOPS", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://marc.info/?l=bugtraq&m=104887510828106&w=2", "name" : "20030328 Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.security-corporation.com/index.php?id=advisories&a=011-FR", "name" : "http://www.security-corporation.com/index.php?id=advisories&a=011-FR", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7149", "name" : "7149", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8353", "name" : "8353", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11587", "name" : "xoops-xoopsoption-path-disclosure(11587)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1551", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.novell.com/servlet/tidfinder/2964956", "name" : "http://support.novell.com/servlet/tidfinder/2964956", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6896", "name" : "6896", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006171", "name" : "1006171", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8133", "name" : "8133", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394", "name" : "groupwise-script-execution(11394)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to \"malicious script.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:groupwise:*:revision_e:*:*:*:*:*:*", "versionEndIncluding" : "6.0_sp3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1552", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467", "name" : "uploader-uploads-file-upload(11467)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/313819/30/25640/threaded", "name" : "20030304 uploader.php script", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/313787/30/25670/threaded", "name" : "20030304 uploader.php vulnerability", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:graeme:uploader:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1553", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7134", "name" : "7134", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://securityreason.com/securityalert/3780", "name" : "3780", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11572", "name" : "sips-user-obtain-information(11572)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/315504/30/25460/threaded", "name" : "20030318 SIPS (PHP)", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sips:sips:0.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1554", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7235", "name" : "7235", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.securitytracker.com/id?1006413", "name" : "1006413", "refsource" : "SECTRACK", "tags" : [ "Exploit" ] }, { "url" : "http://secunia.com/advisories/8476", "name" : "8476", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securityreason.com/securityalert/3781", "name" : "3781", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11658", "name" : "scozbook-add-xss(11658)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316747/30/25280/threaded", "name" : "20030329 ScozBook BETA 1.1 vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1555", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7236", "name" : "7236", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.securitytracker.com/id?1006413", "name" : "1006413", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8476", "name" : "8476", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3781", "name" : "3781", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11659", "name" : "scozbook-view-path-disclosure(11659)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316747/30/25280/threaded", "name" : "20030329 ScozBook BETA 1.1 vulnerabilities", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1556", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7237", "name" : "7237", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3796", "name" : "3796", "refsource" : "SREASON", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/316764/30/25250/threaded", "name" : "20030329 CGI-City's CCGuestBook Script Injection Vulns", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cgi_city:cc_guestbook:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1557", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://marc.info/?l=bugtraq&m=104342896818777&w=2", "name" : "20030123 SpamAssassin / spamc+BSMTP remote buffer overflow", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6679", "name" : "6679", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7983", "name" : "7983", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11154", "name" : "spamassassin-spamc-offbyone-bo(11154)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/310212/30/26030/threaded", "name" : "20030204 Re: GLSA: Mail-SpamAssasin", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/309912/30/26090/threaded", "name" : "GLSA-200302-01", "refsource" : "GENTOO", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode (\"-B\"), allows remote attackers to execute arbitrary code via email containing headers with leading \".\" characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.42:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.43:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.40:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.41:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1558", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.fefe.de/fnord/", "name" : "http://www.fefe.de/fnord/", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/6635", "name" : "6635", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://secunia.com/advisories/7893", "name" : "7893", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11121", "name" : "fnord-httpdc-cgi-bo(11121)", "refsource" : "XF", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/307400/30/26270/threaded", "name" : "20030117 GLSA: fnord", "refsource" : "BUGTRAQ", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fefe:fnord:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-19T15:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1559", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348360", "name" : "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/348574", "name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html", "name" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9295", "name" : "9295", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/3989", "name" : "3989", "refsource" : "SREASON", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2009-01-29T05:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1560", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348574", "name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/4004", "name" : "4004", "refsource" : "SREASON", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netscape:navigator:4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2009-01-29T05:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1561", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/348574", "name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://securityreason.com/securityalert/4004", "name" : "4004", "refsource" : "SREASON", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2009-01-29T05:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1562", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/320153", "name" : "20030501 Re: OpenSSH/PAM timing attack allows remote users identification", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/320302", "name" : "20030501 Re: OpenSSH/PAM timing attack allows remote users identification", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/320440", "name" : "20030505 Re: OpenSSH/PAM timing attack allows remote users identification", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747", "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7482", "name" : "7482", "refsource" : "BID", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.6 }, "severity" : "HIGH", "exploitabilityScore" : 4.9, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-09-05T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1563", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101393-1", "name" : "101393", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-200810-1", "name" : "200810", "refsource" : "SUNALERT", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/9137", "name" : "9137", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.auscert.org.au/render.html?it=3672", "name" : "ESB-2003.0843", "refsource" : "AUSCERT", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:cluster:2.2:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:cluster:3.1:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:cluster:3.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:cluster:3.2:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2018-10-30T16:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1564", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://mail.gnome.org/archives/xml/2008-August/msg00034.html", "name" : "[xml] 20080820 Security fix for libxml2", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2", "name" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://xmlsoft.org/news.html", "name" : "http://xmlsoft.org/news.html", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.redhat.com/support/errata/RHSA-2008-0886.html", "name" : "RHSA-2008:0886", "refsource" : "REDHAT", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/31868", "name" : "31868", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.stylusstudio.com/xmldev/200302/post20020.html", "name" : "[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services", "refsource" : "MLIST", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2003-12-31T05:00Z", "lastModifiedDate" : "2008-10-24T04:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1565", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2003-08-27T04:00Z", "lastModifiedDate" : "2008-09-10T19:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1566", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-16" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.osvdb.org/4864", "name" : "4864", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html", "name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure", "refsource" : "NTBUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/9313", "name" : "9313", "refsource" : "BID", "tags" : [ "Exploit" ] }, { "url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14077", "name" : "iis-improper-httptrack-logging(14077)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-01-15T00:30Z", "lastModifiedDate" : "2017-08-08T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1567", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.osvdb.org/5648", "name" : "5648", "refsource" : "OSVDB", "tags" : [ "Exploit" ] }, { "url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "refsource" : "MISC", "tags" : [ "Exploit" ] }, { "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html", "name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure", "refsource" : "NTBUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.kb.cert.org/vuls/id/288308", "name" : "VU#288308", "refsource" : "CERT-VN", "tags" : [ "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2009-01-15T00:30Z", "lastModifiedDate" : "2009-01-16T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1568", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl", "name" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-02-06T19:30Z", "lastModifiedDate" : "2009-02-09T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1569", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service", "name" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-02-06T19:30Z", "lastModifiedDate" : "2009-02-09T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1570", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360", "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1021947", "name" : "1021947", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/34498", "name" : "34498", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/34285", "name" : "34285", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.vupen.com/english/advisories/2009/0881", "name" : "ADV-2009-0881", "refsource" : "VUPEN", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554", "name" : "IC37554", "refsource" : "AIXAPAR", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536", "name" : "tsm-consolemode-info-disclosure(49536)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to \"session exposure.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-03-31T18:24Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1571", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863", "name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/2492", "name" : "2492", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/9639", "name" : "9639", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/7488", "name" : "7488", "refsource" : "EXPLOIT-DB", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webwizguide:web_wiz_guestbook:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webwizguide:web_wiz_guestbook:8.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-04-02T15:30Z", "lastModifiedDate" : "2017-10-11T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1572", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.illegalaccess.org/java/jmf.php", "name" : "http://www.illegalaccess.org/java/jmf.php", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00219.html", "name" : "20030625 Privilege escalation applet, Java Media Framework", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://securitytracker.com/id?1006777", "name" : "1006777", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760", "name" : "54760", "refsource" : "SUNALERT", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1a:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2009-06-01T22:30Z", "lastModifiedDate" : "2009-06-02T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1573", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://secunia.com/advisories/10460", "name" : "10460", "refsource" : "SECUNIA", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://securitytracker.com/id?1008491", "name" : "1008491", "refsource" : "SECTRACK", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0148.html", "name" : "20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "http://www.securityfocus.com/bid/9230", "name" : "9230", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://seclists.org/bugtraq/2003/Dec/0249.html", "name" : "20031216 J2EE 1.4 reference implementation: database component allows remote code execution", "refsource" : "BUGTRAQ", "tags" : [ ] }, { "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0675.html", "name" : "20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB", "refsource" : "FULLDISC", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14883", "name" : "pointbase-command-execution(14883)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14882", "name" : "pointbase-information-disclosure(14882)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14881", "name" : "pointbase-insecure-permissions-dos(14881)", "refsource" : "XF", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14008", "name" : "j2ee-pointbase-sql-injection(14008)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to \"inadequate security settings and library bugs in sun.* and org.apache.* packages.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:j2ee:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2009-06-01T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1574", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/14170", "name" : "14170", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846", "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347", "name" : "tikiwiki-username-security-byass(40347)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer \"Remember Me\" feature. NOTE: some of these details are obtained from third party information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : true, "userInteractionRequired" : false } }, "publishedDate" : "2009-08-24T10:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1575", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1", "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1", "refsource" : "CONFIRM", "tags" : [ "Patch" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1", "name" : "200161", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-01-28T20:30Z", "lastModifiedDate" : "2010-01-31T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1576", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201231-1", "name" : "201231", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1", "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1", "refsource" : "CONFIRM", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:change_manager:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:sun:management_center:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : true, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-01-28T20:30Z", "lastModifiedDate" : "2010-01-31T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1577", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1", "name" : "201453", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632", "name" : "sunone-iplanetlog-xss(56632)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*", "versionEndIncluding" : "4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1578", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1", "name" : "201453", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/7012", "name" : "7012", "refsource" : "BID", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633", "name" : "iplanet-logpreview-security-bypass(56633)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a \"format=\" substring, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*", "versionEndIncluding" : "4.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*", "versionEndIncluding" : "6.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1579", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2010-02-08T14:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1580", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-189" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2010-02-08T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1581", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2010-02-08T05:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1582", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2019-07-03T17:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1583", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56650", "name" : "webtrends-domain-name-xss(56650)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webtrends:webtrends_log_analyzer:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1584", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56649", "name" : "surfstats-domain-name-xss(56649)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:surfstats:surfstats:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1585", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56647", "name" : "weblogexpert-domain-name-xss(56647)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:alentum:weblog_expert:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1586", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56646", "name" : "webexpert-useragent-xss(56646)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iplanet:webexpert:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1587", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/313867", "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "refsource" : "BUGTRAQ", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56645", "name" : "loganpro-useragent-xss(56645)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iplanet:loganpro:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-02-05T22:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1588", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201460-1", "name" : "201460", "refsource" : "SUNALERT", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56617", "name" : "suncluster-haoracle-information-disclosure(56617)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:cluster:2.2:*:sparc:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-08T20:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1589", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1", "name" : "201454", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616", "name" : "iplanet-unspecified-dos(56616)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-25T19:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1590", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1", "name" : "201451", "refsource" : "SUNALERT", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615", "name" : "sunone-unspecified-dos(56615)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-02-25T19:30Z", "lastModifiedDate" : "2017-08-17T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1591", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-06-08T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1592", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-04-06T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1593", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-04-06T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1594", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-04-06T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1595", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform \"intruder detection,\" which has unspecified impact and attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-04-06T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1596", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-264" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "refsource" : "CONFIRM", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01w:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02y:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01y:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02b:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02r:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01o:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.03b", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2010-04-05T15:30Z", "lastModifiedDate" : "2010-06-08T04:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1598", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", "name" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://seclists.org/oss-sec/2012/q1/77", "name" : "[oss-sec] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://secunia.com/advisories/8954/", "name" : "8954", "refsource" : "SECUNIA", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/7784", "name" : "7784", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://osvdb.org/show/osvdb/4610", "name" : "4610", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12204", "name" : "wordpress-blogheader-sql-injection(12204)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2014-10-01T14:55Z", "lastModifiedDate" : "2017-08-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1599", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/7785", "name" : "7785", "refsource" : "BID", "tags" : [ ] }, { "url" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", "name" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.osvdb.org/4611", "name" : "4611", "refsource" : "OSVDB", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2012/01/06/3", "name" : "[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)", "refsource" : "MLIST", "tags" : [ "Exploit" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12205", "name" : "wordpress-linksall-file-include(12205)", "refsource" : "XF", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:0.70:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2014-10-27T20:55Z", "lastModifiedDate" : "2017-08-29T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1600", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T20:15Z", "lastModifiedDate" : "2020-11-05T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1601", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T20:15Z", "lastModifiedDate" : "2020-11-05T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1602", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T20:15Z", "lastModifiedDate" : "2020-11-05T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1603", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://twitter.com/digitalbond/status/619250429751222277", "name" : "https://twitter.com/digitalbond/status/619250429751222277", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", "refsource" : "MISC", "tags" : [ ] }, { "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1", "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "MISC", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gehealthcare:discovery_vh:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2015-08-04T14:59Z", "lastModifiedDate" : "2018-03-28T01:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1604", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2016/01/27/9", "name" : "[oss-security] 20160127 Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "http://marc.info/?l=netfilter-devel&m=106668497403047&w=2", "name" : "[netfilter-devel] 20031020 [PATCH] Fix possible oops in ipt_REDIRECT", "refsource" : "MLIST", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1303072", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1303072", "refsource" : "CONFIRM", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", "name" : "openSUSE-SU-2016:1008", "refsource" : "SUSE", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5.75", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2016-05-02T10:59Z", "lastModifiedDate" : "2016-12-01T02:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2003-1605", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://curl.haxx.se/docs/CVE-2003-1605.html", "name" : "https://curl.haxx.se/docs/CVE-2003-1605.html", "refsource" : "MISC", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/8432", "name" : "8432", "refsource" : "BID", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.1.0", "versionEndExcluding" : "7.10.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-23T19:29Z", "lastModifiedDate" : "2018-10-15T18:20Z" } ] }